For a change of pace, let's look at the client's end now. This time, we'll look at a handy trick to help ease the pain of logging into different servers that require different keys or SSH options. All you have to do is go into the .ssh directory in your own home directory and create a config file. To demonstrate this, let's say that we've created either a DNS record or an /etc/hosts file entry for our servers so that we don't have to remember so many IP addresses.

Let's also say that we've created a separate pair of keys for each server that we need to access. In the ~/.ssh/config file, we can add a stanza that looks something like this:

Host ubuntu-nftables
 IdentityFile ~/.ssh/unft_id_rsa
 IdentitiesOnly yes
 ForwardX11 yes
 Cipher [email protected]

Here's the breakdown:

• IdentityFile: This specifies the key that goes with this server.
• IdentitiesOnly yes: If you happen to have more than one key loaded into your session keyring, this forces your client to only use the key that's specified here.
• ForwardX11 yes: We want this client to use X11 forwarding. (Of course, this will only be effective if the server has been configured to allow it.)
• Cipher [email protected]: We want to use this algorithm, and only this algorithm, to perform our encryption.

To create custom configurations for other hosts, just add a stanza for each one to this file.

After you save the file, you have to change its permissions settings to a value of 600. If you don't, you'll get an error when you try to log into any of the servers that are configured in the file.

Now that you know about custom configurations, let's talk about SFTP, where we'll make good use of the Match Group directive that we just looked at.