Inspecting SSH client configuration reveals how remote logins authenticate, tunnel traffic, and keep idle sessions alive, which simplifies troubleshooting timeouts and unexpected password prompts.

On typical Linux systems with OpenSSH, client behavior is governed primarily by two configuration files: the user-specific /home/user/.ssh/config and the system-wide /etc/ssh/ssh_config. The client parses these in a defined order, matching Host blocks against the destination name and combining options such as IdentityFile, ProxyJump, and ServerAliveInterval.

Configuration files may contain sensitive hostnames, usernames, and key paths, and misinterpreting precedence between user and system files can lead to confusion when changes seem to have no effect. Careful inspection of each file and use of the ssh -G option to dump the effective configuration ensures a precise understanding of what the client applies for any given host, while avoiding accidental exposure of confidential details in shared logs.

Related: How to set per-host SSH identity files in config
Related: How to connect to an SSH server through a jump host
Related: How to connect through a proxy with SSH ProxyCommand

Steps to show SSH client configuration:

  1. Open a terminal with a regular user account. 
    $ whoami
user
  2. Display the user-specific SSH client configuration from /home/user/.ssh/config if present. 
    $ cat ~/.ssh/config
Host proxy.example.net
  HostName host.example.net
  User user
  IdentityFile ~/.ssh/id_ed25519

Host app.internal.example
  HostName host.example.net
  User user
  IdentityFile ~/.ssh/id_ed25519
  ProxyJump proxy.example.net

    File /home/USERNAME/.ssh/config defines per-user and per-host settings and overrides matching options from the system-wide file.

    Configuration may reference private repositories, internal hostnames, or key paths; avoid sharing full contents in public forums.

  3. Show the system-wide SSH client configuration from /etc/ssh/ssh_config for global defaults. 
    $ sudo cat /etc/ssh/ssh_config
# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.
##### snipped #####
Include /etc/ssh/ssh_config.d/*.conf

Host *
    SendEnv LANG LC_*
    HashKnownHosts yes
    GSSAPIAuthentication yes

    Options in /etc/ssh/ssh_config apply to all users unless overridden in /home/USERNAME/.ssh/config or on the command line.

  4. Dump the effective SSH configuration for a specific destination using ssh -G. 
    $ ssh -G app.internal.example
host app.internal.example
user user
hostname host.example.net
port 22
##### snipped #####
identityfile ~/.ssh/id_ed25519
proxyjump proxy.example.net

    Command ssh -G prints the merged configuration after applying system-wide defaults, user-specific settings, and the selected Host block for the given name.

  5. Filter the effective configuration output to focus on particular options when diagnosing behavior. 
    $ ssh -G app.internal.example | grep -Ei 'proxy(jump|command|use)'
proxyusefdpass no
proxyjump proxy.example.net

    Using filters such as grep highlights how options like ProxyJump, IdentityFile, or Port are finally resolved for the target host.

  6. Confirm that the inspected configuration matches runtime behavior by initiating a verbose connection. 
    $ ssh -vv app.internal.example
OpenSSH_9.6p1 Ubuntu-3ubuntu13.14, OpenSSL 3.0.13 30 Jan 2024
debug1: Reading configuration data /home/user/.ssh/config
debug1: /home/user/.ssh/config line 6: Applying options for app.internal.example
debug1: Reading configuration data /etc/ssh/ssh_config
##### snipped #####

    Verbose output shows which configuration files and Host blocks are used, verifying that the observed settings are actually applied.