# Some options are set even if they are default to prevent /etc/ssh/ssh_config
# from overwriting them.
-# Copyright (C) 2011-2013 Simon Ruderich
+# Copyright (C) 2011-2016 Simon Ruderich
#
# This file is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# ServerAliveInterval 5
+# Options are parsed top-to-bottom, the first matching option is used. Later
+# assignments to the same option are ignored, thanks to anonJD in #openssh on
+# Freenode (2011-05-18 21:40 CEST) for letting me know. Therefore put all
+# affected host specific rules here, before the global rules.
+#
+# For example to change the MACs option for a specific host, use:
+#
+# Host host
+# # Old SSH daemon which needs SHA1 (SHA-512 in case it gets updated).
+# MACs hmac-sha2-512,hmac-sha1
+
+
# Rules for all hosts.
Host *
# Force protocol version 2 which is more secure (default).
Protocol 2
+# Use stronger algorithms. If some hosts require weaker versions then use Host
+# groups to enable them only for those specific machines.
+
+# Don't use SHA1 and disable elliptic curves whose security regarding the
+# parameters is still in debate.
+ KexAlgorithms diffie-hellman-group-exchange-sha256
+# Use stronger cipher versions. Disable CBC ciphers to prevent (unlikely)
+# plaintext recovery attack [1], disable RC4 because it's broken [2]; this
+# leaves only AES. No GCM ciphers yet because they are still very new.
+#
+# [1]: http://www.openssh.com/txt/cbc.adv
+# [2]: http://www.schneier.com/blog/archives/2013/03/new_rc4_attack.html
+ Ciphers aes256-ctr
+# Don't use weak MACs like MD5 or SHA1. However strong MACs are not as
+# important as strong ciphers because an attacker must be able to break a MAC
+# in real time to modify the data in transmit. Prefer "-etm" algorithms which
+# use encrypt-then-mac which is more secure than the default encrypt-and-mac
+# in SSH [1] (available since 6.2).
+#
+# [1]: http://cseweb.ucsd.edu/~mihir/papers/oem.html
+ MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-512
+# Disable DSA host keys because they are weak (only 1024 bit) and elliptic
+# curves. I don't need certificates, therefore disables those algorithms as
+# well (*-cert-*).
+ HostKeyAlgorithms ssh-rsa
+
# Disable X11 and agent forwarding for security reasons (defaults).
ForwardX11 no
ForwardAgent no
PasswordAuthentication yes
PubkeyAuthentication yes
+# Use only authentication identity files configured in ~/.ssh/config even if
+# ssh-agent offers more identities.
+ IdentitiesOnly yes
+
# Bind local forwardings to loopback only. This way no remote hosts can access
# them (default).
GatewayPorts no
# Allow using -M (ControlMaster) to create a master SSH session which
# "tunnels" other connections to the same host, thus reducing the number of
# authentications (which are relatively slow) and TCP connections. The master
-# sockets are stored in ~/.ssh (by default ControlPath is not set).
- ControlPath ~/.ssh/master-%l-%h-%p-%r
+# sockets are stored in ~/.ssh (by default ControlPath is not set). Using %r
+# (remote user name) might leak information to other users on the current
+# system (e.g. via netstat or lsof).
+ ControlPath ~/.ssh/master/%l-%h-%p-%r
# Automatically create a new master session if there's none yet or use an
# existing one. This way the user doesn't have to use -M to enable a master
# manually. Don't set this option to "yes" or all SSH commands try to become
# the master session which is obviously not possible.
ControlMaster auto
-
-# Hash hosts in ~/.ssh/known_hosts to try to conceal the known hosts. Doesn't
-# help if the ssh hosts are stored in the shell's history file or in this file
-# as shortcut.
- HashKnownHosts yes
+# When the connection for a master is closed (e.g. logout of remote shell),
+# move the master connection in the background. If there's no other active
+# connection using the master, close it after x seconds. This prevents the
+# client of the master connection from blocking because it waits for all
+# connections using it to terminate which is very annoying. The timeout
+# prevents stale master connections.
+ ControlPersist 10
# Don't permit running local commands (default).
PermitLocalCommand no
# Don't send any environment variables (default).
SendEnv
+# Don't hash any hosts in ~/.ssh/known_hosts. It doesn't help if the ssh hosts
+# are stored in the shell's history file or in this file as shortcut so it's
+# rather useless (default).
+ HashKnownHosts no
+
# Check host IP in known_hosts when connecting to detect DNS spoofing
# (default).
CheckHostIP yes
# Ask before adding any host keys to ~/.ssh/known_hosts (default).
StrictHostKeyChecking ask
+# Check host keys from DNS' SSHFP resource records but ask apply
+# StrictHostKeyChecking before trusting them.
+ VerifyHostKeyDNS ask