X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=ssh_config;h=3cb065fcb14ae6808fdad3ed4219555d0dcf0214;hb=75e0616f82cd0b9e057692c065ada56de2b4f321;hp=d0a88d76194ce692edf01b76ff6a926e1413bd7c;hpb=8952b50cbed4219d1586bb5a4d7741f17b299d30;p=config%2Fdotfiles.git diff --git a/ssh_config b/ssh_config index d0a88d7..3cb065f 100644 --- a/ssh_config +++ b/ssh_config @@ -1,22 +1,87 @@ # SSH configuration file. +# +# Some options are set even if they are default to prevent /etc/ssh/ssh_config +# from overwriting them. + +# Copyright (C) 2011-2013 Simon Ruderich +# +# This file is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This file is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this file. If not, see . + +# Undocumented (and not very well tested) feature. This drops the connection +# after 5 seconds of inactivity. Thanks to shad0VV in #openssh on Freenode +# (2012-11-04 18:40 CET) for telling me about this undocumented feature. +# +# ServerAliveCountMax 0 +# ServerAliveInterval 5 # Rules for all hosts. Host * -# Force protocol version 2 which is more secure. +# Force protocol version 2 which is more secure (default). Protocol 2 -# Disable X11 and agent forwarding for security reasons. +# Disable X11 and agent forwarding for security reasons (defaults). ForwardX11 no ForwardAgent no # Don't trust remote X11 clients. If enabled allows bad admins complete access # to local X11! ForwardX11Trusted no -# If -M is used store the control master socket in ~/.ssh. Necessary for -# ControlMaster to work. +# Disable authentication methods I don't use. + ChallengeResponseAuthentication no + GSSAPIAuthentication no + HostbasedAuthentication no + KbdInteractiveAuthentication no +# Only enable those I need. + PasswordAuthentication yes + PubkeyAuthentication yes + +# Use only authentication identity files configured in ~/.ssh/config even if +# ssh-agent offers more identities. + IdentitiesOnly yes + +# Bind local forwardings to loopback only. This way no remote hosts can access +# them (default). + GatewayPorts no +# Abort if not all requested port forwardings can be set up. + ExitOnForwardFailure yes + +# Allow using -M (ControlMaster) to create a master SSH session which +# "tunnels" other connections to the same host, thus reducing the number of +# authentications (which are relatively slow) and TCP connections. The master +# sockets are stored in ~/.ssh (by default ControlPath is not set). ControlPath ~/.ssh/master-%l-%h-%p-%r +# Automatically create a new master session if there's none yet or use an +# existing one. This way the user doesn't have to use -M to enable a master +# manually. Don't set this option to "yes" or all SSH commands try to become +# the master session which is obviously not possible. + ControlMaster auto + +# Hash hosts in ~/.ssh/known_hosts to try to conceal the known hosts. Doesn't +# help if the ssh hosts are stored in the shell's history file or in this file +# as shortcut. + HashKnownHosts yes -# Don't send any environment variables. +# Don't permit running local commands (default). + PermitLocalCommand no + +# Don't send any environment variables (default). SendEnv + +# Check host IP in known_hosts when connecting to detect DNS spoofing +# (default). + CheckHostIP yes +# Ask before adding any host keys to ~/.ssh/known_hosts (default). + StrictHostKeyChecking ask