X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=ssh_config;h=818f599b6ab5f03db24866405b42a6cbb7365eb1;hb=da5c4d23313e75ade3d971dab90e9d3f0a94dd1d;hp=be03a42673df4647a24d8e075112a01054a201bc;hpb=a762bccfe57f7b57e96af63130bb8da338c5e0fe;p=config%2Fdotfiles.git

diff --git a/ssh_config b/ssh_config
index be03a42..818f599 100644
--- a/ssh_config
+++ b/ssh_config
@@ -29,16 +29,25 @@
 # Rules for all hosts.
 Host *
 
-# Force protocol version 2 which is more secure.
+# Force protocol version 2 which is more secure (default).
     Protocol 2
 
-# Disable X11 and agent forwarding for security reasons.
+# Disable X11 and agent forwarding for security reasons (defaults).
     ForwardX11 no
     ForwardAgent no
 # Don't trust remote X11 clients. If enabled allows bad admins complete access
 # to local X11!
     ForwardX11Trusted no
 
+# Disable authentication methods I don't use.
+    ChallengeResponseAuthentication no
+    GSSAPIAuthentication no
+    HostbasedAuthentication no
+    KbdInteractiveAuthentication no
+# Only enable those I need.
+    PasswordAuthentication yes
+    PubkeyAuthentication yes
+
 # Abort if not all requested port forwardings can be set up.
     ExitOnForwardFailure yes
 
@@ -53,13 +62,14 @@ Host *
 # as shortcut.
     HashKnownHosts yes
 
-# Don't permit running local commands.
+# Don't permit running local commands (default).
     PermitLocalCommand no
 
-# Don't send any environment variables.
+# Don't send any environment variables (default).
     SendEnv
 
-# Check host IP in known_hosts when connecting to detect DNS spoofing.
+# Check host IP in known_hosts when connecting to detect DNS spoofing
+# (default).
     CheckHostIP yes
-# Ask before adding any host keys to ~/.ssh/known_hosts.
+# Ask before adding any host keys to ~/.ssh/known_hosts (default).
     StrictHostKeyChecking ask