2015-08-20 08:37:43 +02:00
|
|
|
# My SSH config. This does leak existense of some hosts where I have
|
|
|
|
|
# access, but they should require SSH key authentication anyway.
|
|
|
|
|
|
|
|
|
|
Host *
|
2015-09-06 07:15:17 +02:00
|
|
|
# Path for the control socket.
|
2018-10-07 19:54:41 +02:00
|
|
|
ControlPath ~/.ssh/sockets/socket-%r@%h:%p
|
2015-08-30 16:17:12 +02:00
|
|
|
# Multiple sessions over single connection
|
|
|
|
|
ControlMaster yes
|
2018-10-11 12:45:31 +02:00
|
|
|
# Keep connection open in the background even after connection has been
|
|
|
|
|
# closed.
|
|
|
|
|
ControlPersist yes
|
2015-08-30 16:08:29 +02:00
|
|
|
|
2015-08-20 08:37:43 +02:00
|
|
|
ForwardAgent no
|
|
|
|
|
ForwardX11 no
|
2015-08-30 16:08:29 +02:00
|
|
|
|
2015-08-30 16:17:12 +02:00
|
|
|
# Ensure KnownHosts are unreadable if leaked.
|
|
|
|
|
HashKnownHosts yes
|
|
|
|
|
|
2015-08-20 08:37:43 +02:00
|
|
|
LogLevel VERBOSE
|
|
|
|
|
Protocol 2
|
2015-08-30 16:08:29 +02:00
|
|
|
|
2015-09-06 07:15:17 +02:00
|
|
|
# Always try public key authentication.
|
2015-08-20 08:37:43 +02:00
|
|
|
PubkeyAuthentication yes
|
2015-08-30 16:08:29 +02:00
|
|
|
|
2015-09-12 10:42:44 +02:00
|
|
|
# Send needed environment variables. I don't like setting wildcards
|
|
|
|
|
# and LC_ALL is disabled on purpouse.
|
2015-09-12 10:45:42 +02:00
|
|
|
SendEnv EDITOR LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT LC_IDENTIFICATION TERM TZ
|
2015-09-05 22:46:00 +02:00
|
|
|
|
2016-01-14 15:59:18 +01:00
|
|
|
# If the server doesn't reply in three "pings", connection is dead.
|
2015-09-01 14:54:05 +02:00
|
|
|
# Defaults to 3 anyway, but I add it here for clearity and
|
|
|
|
|
# in case it decides to change in the future.
|
|
|
|
|
ServerAliveCountMax 3
|
|
|
|
|
|
|
|
|
|
# "ping" the server every minute.
|
2015-08-20 08:37:43 +02:00
|
|
|
ServerAliveInterval 60
|
|
|
|
|
|
2015-09-02 07:15:16 +02:00
|
|
|
# OpenSSH 6.8+ - ask all host keys from servers.
|
|
|
|
|
# I trust the server admins and ways to identify the keys (DNSSEC,
|
2015-09-06 07:15:17 +02:00
|
|
|
# manual).
|
2015-09-02 07:15:16 +02:00
|
|
|
UpdateHostKeys yes
|
|
|
|
|
|
2016-01-14 19:37:51 +01:00
|
|
|
# Workaround CVE-2016-0777 & CVE-0778 on OpenSSH < 7.1p2
|
2016-01-14 15:44:27 +01:00
|
|
|
UseRoaming no
|
|
|
|
|
|
2019-05-09 17:44:36 +02:00
|
|
|
# Verify SSHFP records. If this is yes, the question is skipped when
|
|
|
|
|
# DNSSEC is used, but apparently only "ask" and "no" write known_hosts
|
|
|
|
|
# However with "ask" you won't be told whether the zone is signed, so
|
|
|
|
|
# I consider "yes" to be the least evil.
|
2019-05-10 23:58:00 +02:00
|
|
|
VerifyHostKeyDNS yes
|
2015-08-30 16:17:12 +02:00
|
|
|
|
2016-02-09 12:37:58 +01:00
|
|
|
Host aur.archlinux.org
|
|
|
|
|
User aur
|
|
|
|
|
|
2017-01-12 11:42:37 +01:00
|
|
|
Host ccx_shell
|
|
|
|
|
HostName ccx.webprojekty.cz
|
|
|
|
|
Port 24022
|
|
|
|
|
User mikaela
|
|
|
|
|
|
2015-08-20 08:37:43 +02:00
|
|
|
Host hilla
|
|
|
|
|
HostName hilla.kapsi.fi
|
2015-08-23 05:53:48 +02:00
|
|
|
User mikaela
|
2015-08-20 08:37:43 +02:00
|
|
|
|
|
|
|
|
Host lakka
|
|
|
|
|
HostName lakka.kapsi.fi
|
2015-08-23 05:53:48 +02:00
|
|
|
User mikaela
|
2017-03-08 20:02:11 +01:00
|
|
|
LocalForward 127.0.0.1:9001 127.0.0.1:30614
|
2015-08-20 08:37:43 +02:00
|
|
|
|
2015-09-01 16:14:06 +02:00
|
|
|
Host meetingology
|
|
|
|
|
HostName ubottu.com
|
|
|
|
|
User meetingology
|
|
|
|
|
|
2015-08-20 08:37:43 +02:00
|
|
|
Host synvaler
|
|
|
|
|
AddressFamily inet6
|
2015-08-30 16:17:12 +02:00
|
|
|
HostName synvaler.mikaela.info
|
2015-08-20 19:48:28 +02:00
|
|
|
User nemo
|
2015-08-23 05:53:48 +02:00
|
|
|
|
|
|
|
|
Host tezagm
|
|
|
|
|
HostName tezagm.mikaela.info
|
|
|
|
|
User mikaela
|
2015-08-30 16:17:12 +02:00
|
|
|
|
