# My SSH config. This does leak existense of some hosts where I have
# access, but they should require SSH key authentication anyway.

Host *
    # Path for the control socket.
    ControlPath ~/.ssh/sockets/socket-%r@%h:%p
    # Multiple sessions over single connection
    ControlMaster yes
    # Keep connection open in the background even after connection has been
    # closed.
    ControlPersist yes

    ForwardAgent no
    ForwardX11 no

    # Ensure KnownHosts are unreadable if leaked.
    HashKnownHosts yes

    LogLevel VERBOSE
    Protocol 2

    # Always try public key authentication.
    PubkeyAuthentication yes

    # Send needed environment variables. I don't like setting wildcards
    # and LC_ALL is disabled on purpouse.
    SendEnv EDITOR LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT LC_IDENTIFICATION TERM TZ

    # If the server doesn't reply in three "pings", connection is dead.
    # Defaults to 3 anyway, but I add it here for clearity and
    # in case it decides to change in the future.
    ServerAliveCountMax 3

    # "ping" the server every minute.
    ServerAliveInterval 60

    # OpenSSH 6.8+ - ask all host keys from servers.
    # I trust the server admins and ways to identify the keys (DNSSEC,
    # manual).
    UpdateHostKeys yes

    # Workaround CVE-2016-0777 & CVE-0778 on OpenSSH < 7.1p2
    UseRoaming no

    # Verify SSHFP records. If this is yes, the question is skipped when
    # DNSSEC is used, but apparently only "ask" and "no" write known_hosts
    # However with "ask" you won't be told whether the zone is signed, so
    # I consider "yes" to be the least evil.
    VerifyHostKeyDNS yes

Host aur.archlinux.org
    User aur

Host ccx_shell
    HostName ccx.webprojekty.cz
    Port 24022
    User mikaela

Host hilla
    HostName hilla.kapsi.fi
    User mikaela

Host lakka
    HostName lakka.kapsi.fi
    User mikaela
    LocalForward 127.0.0.1:9001 127.0.0.1:30614

Host meetingology
    HostName ubottu.com
    User meetingology

Host synvaler
    AddressFamily inet6
    HostName synvaler.mikaela.info
    User nemo

Host tezagm
    HostName tezagm.mikaela.info
    User mikaela

