ssh_config: Disable unused authentication methods.

[config/dotfiles.git] / ssh_config

diff --git a/ssh_config b/ssh_config
index 78662eef8a37488500a912139ed69dad9840e6cd..379130f301b6e8590b11f30c81537f4a2a1f3dc4 100644 (file)
--- a/ssh_config
+++ b/ssh_config
@@ -39,14 +39,31 @@ Host *
 # to local X11!
     ForwardX11Trusted no
 
+# Disable authentication methods I don't use.
+    ChallengeResponseAuthentication no
+    GSSAPIAuthentication no
+    HostbasedAuthentication no
+    KbdInteractiveAuthentication no
+# Only enable those I need.
+    PasswordAuthentication yes
+    PubkeyAuthentication yes
+
+# Abort if not all requested port forwardings can be set up.
+    ExitOnForwardFailure yes
+
 # Allow using -M (ControlMaster) to create a master SSH session which
 # "tunnels" other connections to the same host, thus reducing the number of
 # authentications (which are relatively slow) and TCP connections. The master
 # sockets are stored in ~/.ssh (by default ControlPath is not set).
     ControlPath ~/.ssh/master-%l-%h-%p-%r
 
-# Abort if not all requested port forwardings can be set up.
-    ExitOnForwardFailure yes
+# Hash hosts in ~/.ssh/known_hosts to try to conceal the known hosts. Doesn't
+# help if the ssh hosts are stored in the shell's history file or in this file
+# as shortcut.
+    HashKnownHosts yes
+
+# Don't permit running local commands.
+    PermitLocalCommand no
 
 # Don't send any environment variables.
     SendEnv