| Host | Domain | Keys | Wildcard | Copy |
|---|---|---|---|---|
| {{ r.host }} | {{ r.domain || '—' }} | {{ r.keyCount }} | {{ r.wild ? 'Yes' : 'No' }} | |
| No rows | ||||
| Host | Issue | Copy |
|---|---|---|
| {{ w.host }} | {{ w.issue }} | |
| No issues found. | ||
| Severity | Host | Issue | Recommendation | Copy |
|---|---|---|---|---|
| {{ finding.severityLabel }} | {{ finding.host || 'Global' }} | {{ finding.issue }} | {{ finding.recommendation }} |
| Directive | Hosts | Unique values | Missing | Example value | Copy |
|---|---|---|---|---|---|
| {{ row.key }} | {{ row.hostCount }} | {{ row.uniqueValues }} | {{ row.missingHosts }} | {{ row.sampleValue || '—' }} |
~/.ssh/config. Download and replace it manually when done.
Secure Shell client configuration files are plain text lists that map host names to connection settings and identities. They shape how you reach development and production systems and they influence safety and convenience each time you connect.
Editing by eye invites drift across environments and small differences can weaken authentication or open tunnels you did not intend. This editor reads a pasted file or a dropped file and organizes host blocks so you can review patterns and options with less guesswork.
A built in security audit highlights common risks in clear language and suggests practical fixes you can apply in place. A simple match tester shows which host patterns catch a sample name so you understand how wildcards behave before you deploy changes.
Results appear instantly as you type so you can refine values and copy a clean file for the next review. For sensitive work, prefer test values and rotate secrets separately after peers approve the changes.
Secure Shell configuration files describe connection options per host pattern. Each host block begins with the word Host followed by one or more patterns, then a list of directive name and value pairs. The parser separates host blocks from non host lines and preserves comments and global lines when requested.
The analyzer computes coverage for each directive, identifies lint issues, and evaluates security findings. Findings are grouped into High, Medium, and Low with a single actionable recommendation per item. Matching treats the characters * and ? as wildcards and compares patterns to a sample host in a case insensitive way. Multiple tokens are evaluated as alternatives.
Comparisons and warnings are derived from the text you load. Include and Match sections are kept as lines when you choose to preserve them and they are not interpreted during analysis. This keeps the view predictable and easy to trace back to the file you will save.
Include, and Match lines as non host lines.Host block and parse directive pairs.# Example snippet
Host db-*
HostName db.internal
User root
ForwardAgent yes
StrictHostKeyChecking accept-new
LocalForward 0.0.0.0:5432 127.0.0.1:5432Detected findings:
| Severity | Typical triggers | Implication | Action cue |
|---|---|---|---|
| High | User root; StrictHostKeyChecking off; PasswordAuthentication yes | Elevated takeover or spoofing risk | Change immediately and re test access |
| Medium | StrictHostKeyChecking accept new; ForwardAgent yes; wide binds in tunnels | Exposure or trust gaps under common setups | Tighten settings and confirm behaviour |
| Low | ControlMaster without ControlPersist; HostName missing; UpdateHostKeys no | Suboptimal defaults or clarity issues | Set explicit values to improve safety |
| Field | Type | Min | Max | Step/Pattern | Error text |
|---|---|---|---|---|---|
| Host pattern | String | 1 | — | * | Host pattern is empty. |
| Directive key | String | 1 | — | Known or Custom | Duplicate key "Name" or missing key. |
| Directive value | String | 1 | — | Trims inline comments in quotes | Key "Name" has an empty value. |
| Host block | List | 0 | — | — | Host has no directives. |
| Input | Accepted families | Output | Encoding/precision | Rounding |
|---|---|---|---|---|
| Text file or pasted text | Plain text, comments preserved | Config preview and file | UTF‑8 text | Not applicable |
| — | — | JSON snapshot | Keys, values, options | Not applicable |
| — | — | Tables (CSV) and reports (DOCX) | Host list, lint, security, insights | Not applicable |
| Baseline text | Plain text | Unified style diff | Context, add and remove markers | Not applicable |
* and ? only.#; unquoted values stop at # for comments.Privacy and compliance: Processing is client only and no configuration content is transmitted or stored by a server.
Secure Shell configuration review and cleanup with host patterns, directive coverage, and a simple risk check.
No. Parsing, preview, and exports run in the browser and generated files stay on your device.
Avoid pasting secrets during review.They flag common risks based on directive values. They are not a security audit of hosts or keys and should be used with judgment.
Plain text Secure Shell config files with Host blocks. Comments are preserved. Include and Match lines are kept when you choose to preserve them.
Yes. Once the page is open, the tool continues to work because it does not request remote services for parsing or export.
Enter a sample name in the match tester. The counter shows how many Host patterns would match, using * and ? wildcards.
A setting that is safe in some contexts but risky in others. Review the recommendation and tighten it when exposure is likely.
There is no account step and no server processing. Use it as a quick aide during reviews and keep license terms for your environment in mind.
* matches many characters and ? matches one.