shell-things/etc/ssh/ssh_config

# /etc/ssh/ssh_config - at least the Arch default was full of comments
# so I think it makes more sense if I just paste my normal config here
# without host specific options.

Host *
    # Path for the control socket.
    ControlPath /tmp/SSH_%u-%r.%h.%p
    # Multiple sessions over single connection
    ControlMaster yes
    # Keep connection open in the background even after connection has been
    # closed.
    ControlPersist yes

    ForwardAgent no
    ForwardX11 no

    # Ensure KnownHosts are unreadable if leaked.
    HashKnownHosts yes

    LogLevel VERBOSE
    Protocol 2

    # Always try public key authentication.
    PubkeyAuthentication yes

    # Send needed environment variables. I don't like setting wildcards
    # and LC_ALL is disabled on purpouse.
    SendEnv EDITOR LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT LC_IDENTIFICATION TERM TZ

    # If the server doesn't reply in three "pings", connection is dead.
    # Defaults to 3 anyway, but I add it here for clearity and
    # in case it decides to change in the future.
    ServerAliveCountMax 3

    # "ping" the server every minute.
    ServerAliveInterval 60

    # OpenSSH 6.8+ - ask all host keys from servers.
    # I trust the server admins and ways to identify the keys (DNSSEC,
    # manual).
    UpdateHostKeys yes

    # Add undocumented "UseRoaming no" to ssh_config or use
    # "-oUseRoaming=no" to prevent upcoming #openssh client bug
    # CVE-2016-0777. More later.
    # ~~ https://twitter.com/msfriedl/status/687635945642967040
    UseRoaming no

    # Verify SSHFP records. In case DNSSEC is used this skips the
    # question on whether you trust the fingerprint or not.
    # All my hosts run DNSSEC validating Unbound on localhost and use it
    # for all DNS queries. Yours should too.
    VerifyHostKeyDNS yes
etc/ssh: add ssh_config 2015-09-01 15:48:27 +02:00			`# /etc/ssh/ssh_config - at least the Arch default was full of comments`
			`# so I think it makes more sense if I just paste my normal config here`
			`# without host specific options.`

			`Host *`
ssh_config: fix comments 2015-09-06 07:15:17 +02:00			`# Path for the control socket.`
etc/ssh: add ssh_config 2015-09-01 15:48:27 +02:00			`ControlPath /tmp/SSH_%u-%r.%h.%p`
			`# Multiple sessions over single connection`
			`ControlMaster yes`
			`# Keep connection open in the background even after connection has been`
			`# closed.`
			`ControlPersist yes`

			`ForwardAgent no`
			`ForwardX11 no`

			`# Ensure KnownHosts are unreadable if leaked.`
			`HashKnownHosts yes`

			`LogLevel VERBOSE`
			`Protocol 2`

ssh_config: fix comments 2015-09-06 07:15:17 +02:00			`# Always try public key authentication.`
etc/ssh: add ssh_config 2015-09-01 15:48:27 +02:00			`PubkeyAuthentication yes`

ssh: send/accept also TZ TERM 2015-09-12 10:42:44 +02:00			`# Send needed environment variables. I don't like setting wildcards`
			`# and LC_ALL is disabled on purpouse.`
ssh: also send EDITOR 2015-09-12 10:45:42 +02:00			`SendEnv EDITOR LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT LC_IDENTIFICATION TERM TZ`
ssh_config: SendEnv LANG LC_* 2015-09-05 22:46:00 +02:00
ssh_config: fix comments 2015-09-06 07:15:17 +02:00			`# If the server doesn't reply in three "pings", connection is dead.`
etc/ssh: add ssh_config 2015-09-01 15:48:27 +02:00			`# Defaults to 3 anyway, but I add it here for clearity and`
			`# in case it decides to change in the future.`
			`ServerAliveCountMax 3`

			`# "ping" the server every minute.`
			`ServerAliveInterval 60`

ssh_config: add UpdateHostKeys yes 2015-09-02 07:15:16 +02:00			`# OpenSSH 6.8+ - ask all host keys from servers.`
			`# I trust the server admins and ways to identify the keys (DNSSEC,`
unify the two ssh_config files (fix typos) 2016-01-14 15:59:18 +01:00			`# manual).`
ssh_config: add UpdateHostKeys yes 2015-09-02 07:15:16 +02:00			`UpdateHostKeys yes`

ssh_config: add "UseRoaming no" https://twitter.com/msfriedl/status/687635945642967040 2016-01-14 15:44:27 +01:00			`# Add undocumented "UseRoaming no" to ssh_config or use`
			`# "-oUseRoaming=no" to prevent upcoming #openssh client bug`
			`# CVE-2016-0777. More later.`
			`# ~~ https://twitter.com/msfriedl/status/687635945642967040`
			`UseRoaming no`

etc/ssh: add ssh_config 2015-09-01 15:48:27 +02:00			`# Verify SSHFP records. In case DNSSEC is used this skips the`
			`# question on whether you trust the fingerprint or not.`
ssh_config: add UpdateHostKeys yes 2015-09-02 07:15:16 +02:00			`# All my hosts run DNSSEC validating Unbound on localhost and use it`
			`# for all DNS queries. Yours should too.`
			`VerifyHostKeyDNS yes`