X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=ssh_config;h=818f599b6ab5f03db24866405b42a6cbb7365eb1;hb=da5c4d23313e75ade3d971dab90e9d3f0a94dd1d;hp=62babfce373192a98a322c11f2018991b53df91d;hpb=be84282735ce577b629d70b80e757f2a2ad5a32e;p=config%2Fdotfiles.git diff --git a/ssh_config b/ssh_config index 62babfc..818f599 100644 --- a/ssh_config +++ b/ssh_config @@ -1,6 +1,9 @@ # SSH configuration file. +# +# Some options are set even if they are default to prevent /etc/ssh/ssh_config +# from overwriting them. -# Copyright (C) 2011-2012 Simon Ruderich +# Copyright (C) 2011-2013 Simon Ruderich # # This file is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -26,28 +29,47 @@ # Rules for all hosts. Host * -# Force protocol version 2 which is more secure. +# Force protocol version 2 which is more secure (default). Protocol 2 -# Disable X11 and agent forwarding for security reasons. +# Disable X11 and agent forwarding for security reasons (defaults). ForwardX11 no ForwardAgent no # Don't trust remote X11 clients. If enabled allows bad admins complete access # to local X11! ForwardX11Trusted no +# Disable authentication methods I don't use. + ChallengeResponseAuthentication no + GSSAPIAuthentication no + HostbasedAuthentication no + KbdInteractiveAuthentication no +# Only enable those I need. + PasswordAuthentication yes + PubkeyAuthentication yes + +# Abort if not all requested port forwardings can be set up. + ExitOnForwardFailure yes + # Allow using -M (ControlMaster) to create a master SSH session which # "tunnels" other connections to the same host, thus reducing the number of -# authentications (which are relatively slow) and TCP connections. +# authentications (which are relatively slow) and TCP connections. The master +# sockets are stored in ~/.ssh (by default ControlPath is not set). ControlPath ~/.ssh/master-%l-%h-%p-%r -# Abort if not all requested port forwardings can be set up. - ExitOnForwardFailure yes +# Hash hosts in ~/.ssh/known_hosts to try to conceal the known hosts. Doesn't +# help if the ssh hosts are stored in the shell's history file or in this file +# as shortcut. + HashKnownHosts yes + +# Don't permit running local commands (default). + PermitLocalCommand no -# Don't send any environment variables. +# Don't send any environment variables (default). SendEnv -# Check host IP in known_hosts when connecting to detect DNS spoofing. +# Check host IP in known_hosts when connecting to detect DNS spoofing +# (default). CheckHostIP yes -# Ask before adding any host keys to ~/.ssh/known_hosts. +# Ask before adding any host keys to ~/.ssh/known_hosts (default). StrictHostKeyChecking ask