shell-things/.mikaela/ssh/config

81 lines
2.2 KiB
Plaintext
Raw Normal View History

2015-08-20 08:37:43 +02:00
# My SSH config. This does leak existense of some hosts where I have
# access, but they should require SSH key authentication anyway.
Host *
2015-09-06 07:15:17 +02:00
# Path for the control socket.
ControlPath ~/.ssh/sockets/socket-%r@%h:%p
2015-08-30 16:17:12 +02:00
# Multiple sessions over single connection
ControlMaster yes
2015-08-30 16:08:29 +02:00
# Keep connection open in the background even after connection has been
# closed.
2015-08-20 08:37:43 +02:00
ControlPersist yes
2015-08-30 16:08:29 +02:00
2015-08-20 08:37:43 +02:00
ForwardAgent no
ForwardX11 no
2015-08-30 16:08:29 +02:00
2015-08-30 16:17:12 +02:00
# Ensure KnownHosts are unreadable if leaked.
HashKnownHosts yes
2015-08-20 08:37:43 +02:00
LogLevel VERBOSE
Protocol 2
2015-08-30 16:08:29 +02:00
2015-09-06 07:15:17 +02:00
# Always try public key authentication.
2015-08-20 08:37:43 +02:00
PubkeyAuthentication yes
2015-08-30 16:08:29 +02:00
2015-09-12 10:42:44 +02:00
# Send needed environment variables. I don't like setting wildcards
# and LC_ALL is disabled on purpouse.
2015-09-12 10:45:42 +02:00
SendEnv EDITOR LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT LC_IDENTIFICATION TERM TZ
2015-09-05 22:46:00 +02:00
# If the server doesn't reply in three "pings", connection is dead.
2015-09-01 14:54:05 +02:00
# Defaults to 3 anyway, but I add it here for clearity and
# in case it decides to change in the future.
ServerAliveCountMax 3
# "ping" the server every minute.
2015-08-20 08:37:43 +02:00
ServerAliveInterval 60
2015-09-02 07:15:16 +02:00
# OpenSSH 6.8+ - ask all host keys from servers.
# I trust the server admins and ways to identify the keys (DNSSEC,
2015-09-06 07:15:17 +02:00
# manual).
2015-09-02 07:15:16 +02:00
UpdateHostKeys yes
# Workaround CVE-2016-0777 & CVE-0778 on OpenSSH < 7.1p2
UseRoaming no
2015-08-30 16:17:12 +02:00
# Verify SSHFP records. In case DNSSEC is used this skips the
# question on whether you trust the fingerprint or not.
2015-09-02 07:15:16 +02:00
# All my hosts run DNSSEC validating Unbound on localhost and use it
# for all DNS queries. Yours should too.
VerifyHostKeyDNS yes
2015-08-30 16:17:12 +02:00
2016-02-09 12:37:58 +01:00
Host aur.archlinux.org
User aur
2017-01-12 11:42:37 +01:00
Host ccx_shell
HostName ccx.webprojekty.cz
Port 24022
User mikaela
2015-08-20 08:37:43 +02:00
Host hilla
HostName hilla.kapsi.fi
2015-08-23 05:53:48 +02:00
User mikaela
2015-08-20 08:37:43 +02:00
Host lakka
HostName lakka.kapsi.fi
2015-08-23 05:53:48 +02:00
User mikaela
LocalForward 127.0.0.1:9001 127.0.0.1:30614
2015-08-20 08:37:43 +02:00
2015-09-01 16:14:06 +02:00
Host meetingology
HostName ubottu.com
User meetingology
2015-08-20 08:37:43 +02:00
Host synvaler
AddressFamily inet6
2015-08-30 16:17:12 +02:00
HostName synvaler.mikaela.info
2015-08-20 19:48:28 +02:00
User nemo
2015-08-23 05:53:48 +02:00
Host tezagm
HostName tezagm.mikaela.info
User mikaela
2015-08-30 16:17:12 +02:00