mirror of
https://gitea.blesmrt.net/mikaela/shell-things.git
synced 2025-02-03 08:14:02 +01:00
etc/ssh/ssh_config: retab
This commit is contained in:
parent
bb006d34d2
commit
5ee54038de
SSH Key Fingerprint:
SHA256:CXLULpqNBdUKB6E6fLA1b/4SzG0HvKD19PbIePU175Q
@ -7,61 +7,61 @@ Include ~/.ssh/config.d/*.conf
|
|||||||
Include /etc/ssh/ssh_config.d/*.conf
|
Include /etc/ssh/ssh_config.d/*.conf
|
||||||
|
|
||||||
Host *
|
Host *
|
||||||
# Path for the control socket.
|
# Path for the control socket.
|
||||||
ControlPath ~/.ssh/sockets/socket-%r@%h:%p
|
ControlPath ~/.ssh/sockets/socket-%r@%h:%p
|
||||||
# Multiple sessions over single connection
|
# Multiple sessions over single connection
|
||||||
ControlMaster yes
|
ControlMaster yes
|
||||||
# Keep connection open in the background even after connection has been
|
# Keep connection open in the background even after connection has been
|
||||||
# closed.
|
# closed.
|
||||||
ControlPersist yes
|
ControlPersist yes
|
||||||
|
|
||||||
# SSH Agent forwarding is behind a lot of security breaches, never do it
|
# SSH Agent forwarding is behind a lot of security breaches, never do it
|
||||||
# Most recently https://github.com/matrix-org/matrix.org/issues/371
|
# Most recently https://github.com/matrix-org/matrix.org/issues/371
|
||||||
ForwardAgent no
|
ForwardAgent no
|
||||||
# Never do that either https://security.stackexchange.com/a/14817/234532
|
# Never do that either https://security.stackexchange.com/a/14817/234532
|
||||||
ForwardX11 no
|
ForwardX11 no
|
||||||
|
|
||||||
# Debian sets this as yes, upstream no. TODO: What is it?
|
# Debian sets this as yes, upstream no. TODO: What is it?
|
||||||
#GSSAPIAuthentication yes
|
#GSSAPIAuthentication yes
|
||||||
|
|
||||||
# Ensure KnownHosts are unreadable if leaked.
|
# Ensure KnownHosts are unreadable if leaked.
|
||||||
HashKnownHosts yes
|
HashKnownHosts yes
|
||||||
|
|
||||||
LogLevel VERBOSE
|
LogLevel VERBOSE
|
||||||
Protocol 2
|
Protocol 2
|
||||||
|
|
||||||
# Tor through openbsd netcat (Fedora: netcat)
|
# Tor through openbsd netcat (Fedora: netcat)
|
||||||
ProxyCommand netcat -X 5 -x localhost:9050 %h %p
|
ProxyCommand netcat -X 5 -x localhost:9050 %h %p
|
||||||
|
|
||||||
# Always try public key authentication.
|
# Always try public key authentication.
|
||||||
PubkeyAuthentication yes
|
PubkeyAuthentication yes
|
||||||
|
|
||||||
# Send needed environment variables. I don't like setting wildcards
|
# Send needed environment variables. I don't like setting wildcards
|
||||||
# and LC_ALL is disabled on purpouse.
|
# and LC_ALL is disabled on purpouse.
|
||||||
SendEnv EDITOR LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT LC_IDENTIFICATION TERM TZ
|
SendEnv EDITOR LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT LC_IDENTIFICATION TERM TZ
|
||||||
|
|
||||||
# If the server doesn't reply in three "pings", connection is dead.
|
# If the server doesn't reply in three "pings", connection is dead.
|
||||||
# Defaults to 3 anyway, but I add it here for clearity and
|
# Defaults to 3 anyway, but I add it here for clearity and
|
||||||
# in case it decides to change in the future.
|
# in case it decides to change in the future.
|
||||||
ServerAliveCountMax 3
|
ServerAliveCountMax 3
|
||||||
|
|
||||||
# "ping" the server every minute.
|
# "ping" the server every minute.
|
||||||
ServerAliveInterval 60
|
ServerAliveInterval 60
|
||||||
|
|
||||||
# OpenSSH 6.8+ - ask all host keys from servers.
|
# OpenSSH 6.8+ - ask all host keys from servers.
|
||||||
# I trust the server admins and ways to identify the keys (DNSSEC,
|
# I trust the server admins and ways to identify the keys (DNSSEC,
|
||||||
# manual).
|
# manual).
|
||||||
UpdateHostKeys yes
|
UpdateHostKeys yes
|
||||||
|
|
||||||
# Workaround CVE-2016-0777 & CVE-0778 on OpenSSH < 7.1p2
|
# Workaround CVE-2016-0777 & CVE-0778 on OpenSSH < 7.1p2
|
||||||
UseRoaming no
|
UseRoaming no
|
||||||
|
|
||||||
# Verify SSHFP records. If this is yes, the question is skipped when
|
# Verify SSHFP records. If this is yes, the question is skipped when
|
||||||
# DNSSEC is used, but apparently only "ask" and "no" write known_hosts
|
# DNSSEC is used, but apparently only "ask" and "no" write known_hosts
|
||||||
# However with "ask" you won't be told whether the zone is signed, so
|
# However with "ask" you won't be told whether the zone is signed, so
|
||||||
# I consider "yes" to be the least evil.
|
# I consider "yes" to be the least evil.
|
||||||
VerifyHostKeyDNS yes
|
VerifyHostKeyDNS yes
|
||||||
|
|
||||||
# Display key ascii art on connection. Makes noticing changed keys easier,
|
# Display key ascii art on connection. Makes noticing changed keys easier,
|
||||||
# although it's ambiguous and similar pattern may go past unnoticed.
|
# although it's ambiguous and similar pattern may go past unnoticed.
|
||||||
VisualHostKey yes
|
VisualHostKey yes
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user