X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=ssh_config;h=4f239be572edbac120dd58546a799d8193962098;hb=3a9f556f39e03f6a8d5142140fe60e40ed39f5c0;hp=818f599b6ab5f03db24866405b42a6cbb7365eb1;hpb=30221b1831e26544462b6d851202dd7e94a2ad90;p=config%2Fdotfiles.git
diff --git a/ssh_config b/ssh_config
index 818f599..4f239be 100644
--- a/ssh_config
+++ b/ssh_config
@@ -48,14 +48,35 @@ Host *
 PasswordAuthentication yes
 PubkeyAuthentication yes
+# Use only authentication identity files configured in ~/.ssh/config even if
+# ssh-agent offers more identities.
+ IdentitiesOnly yes
+
+# Bind local forwardings to loopback only. This way no remote hosts can access
+# them (default).
+ GatewayPorts no
 # Abort if not all requested port forwardings can be set up.
 ExitOnForwardFailure yes
 # Allow using -M (ControlMaster) to create a master SSH session which
 # "tunnels" other connections to the same host, thus reducing the number of
 # authentications (which are relatively slow) and TCP connections. The master
-# sockets are stored in ~/.ssh (by default ControlPath is not set).
+# sockets are stored in ~/.ssh (by default ControlPath is not set). Using %r
+# (remote user name) might leak information to other users on the current
+# system (e.g. via netstat or lsof).
 ControlPath ~/.ssh/master-%l-%h-%p-%r
+# Automatically create a new master session if there's none yet or use an
+# existing one. This way the user doesn't have to use -M to enable a master
+# manually. Don't set this option to "yes" or all SSH commands try to become
+# the master session which is obviously not possible.
+ ControlMaster auto
+# When the connection for a master is closed (e.g. logout of remote shell),
+# move the master connection in the background. If there's no other active
+# connection using the master, close it after x seconds. This prevents the
+# client of the master connection from blocking because it waits for all
+# connections using it to terminate which is very annoying. The timeout
+# prevents stale master connections.
+ ControlPersist 10
 # Hash hosts in ~/.ssh/known_hosts to try to conceal the known hosts. Doesn't
 # help if the ssh hosts are stored in the shell's history file or in this file
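Review bot: The comment added above `ControlPath` warns that `%r` can leak the remote user name to other local users, but the unchanged `ControlPath ~/.ssh/master-%l-%h-%p-%r` line still puts it (and the host name via `%h`) into the socket path. Where the installed OpenSSH supports the `%C` token, `ControlPath ~/.ssh/master-%C` keeps the sockets unique through a hash of the same fields without exposing either value, and it keeps the path short. `ControlMaster auto` and `ControlPersist 10` appear to sit under `Host *`, so while a master socket is live any process running as this user can open further sessions over it without authenticating again. The comment should therefore state that `~/.ssh` must stay mode 0700, and mention `ControlMaster autoask` for hosts where a confirmation per reuse is wanted.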