X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=ssh_config;h=3cb065fcb14ae6808fdad3ed4219555d0dcf0214;hb=75e0616f82cd0b9e057692c065ada56de2b4f321;hp=379130f301b6e8590b11f30c81537f4a2a1f3dc4;hpb=e64c8f9669ae521b3c5a536692c1f4751dc92a41;p=config%2Fdotfiles.git diff --git a/ssh_config b/ssh_config index 379130f..3cb065f 100644 --- a/ssh_config +++ b/ssh_config @@ -29,10 +29,10 @@ # Rules for all hosts. Host * -# Force protocol version 2 which is more secure. +# Force protocol version 2 which is more secure (default). Protocol 2 -# Disable X11 and agent forwarding for security reasons. +# Disable X11 and agent forwarding for security reasons (defaults). ForwardX11 no ForwardAgent no # Don't trust remote X11 clients. If enabled allows bad admins complete access @@ -48,6 +48,13 @@ Host * PasswordAuthentication yes PubkeyAuthentication yes +# Use only authentication identity files configured in ~/.ssh/config even if +# ssh-agent offers more identities. + IdentitiesOnly yes + +# Bind local forwardings to loopback only. This way no remote hosts can access +# them (default). + GatewayPorts no # Abort if not all requested port forwardings can be set up. ExitOnForwardFailure yes @@ -56,19 +63,25 @@ Host * # authentications (which are relatively slow) and TCP connections. The master # sockets are stored in ~/.ssh (by default ControlPath is not set). ControlPath ~/.ssh/master-%l-%h-%p-%r +# Automatically create a new master session if there's none yet or use an +# existing one. This way the user doesn't have to use -M to enable a master +# manually. Don't set this option to "yes" or all SSH commands try to become +# the master session which is obviously not possible. + ControlMaster auto # Hash hosts in ~/.ssh/known_hosts to try to conceal the known hosts. Doesn't # help if the ssh hosts are stored in the shell's history file or in this file # as shortcut. HashKnownHosts yes -# Don't permit running local commands. +# Don't permit running local commands (default). PermitLocalCommand no -# Don't send any environment variables. +# Don't send any environment variables (default). SendEnv -# Check host IP in known_hosts when connecting to detect DNS spoofing. +# Check host IP in known_hosts when connecting to detect DNS spoofing +# (default). CheckHostIP yes -# Ask before adding any host keys to ~/.ssh/known_hosts. +# Ask before adding any host keys to ~/.ssh/known_hosts (default). StrictHostKeyChecking ask