# My SSH config. This does leak existense of some hosts where I have
# access, but they should require SSH key authentication anyway.

Host *
    # Path for the control socket.
    ControlPath /tmp/SSH_%u-%r.%h.%p
    # Multiple sessions over single connection
    ControlMaster yes
    # Keep connection open in the background even after connection has been
    # closed.
    ControlPersist yes

    ForwardAgent no
    ForwardX11 no

    # Ensure KnownHosts are unreadable if leaked.
    HashKnownHosts yes

    LogLevel VERBOSE
    Protocol 2

    # Always try public key authentication.
    PubkeyAuthentication yes

    # Send needed environment variables. I don't like setting wildcards
    # and LC_ALL is disabled on purpouse.
    SendEnv EDITOR LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT LC_IDENTIFICATION TERM TZ

    # If the server doesn't reply in "three" pings, connection is dead.
    # Defaults to 3 anyway, but I add it here for clearity and
    # in case it decides to change in the future.
    ServerAliveCountMax 3

    # "ping" the server every minute.
    ServerAliveInterval 60

    # OpenSSH 6.8+ - ask all host keys from servers.
    # I trust the server admins and ways to identify the keys (DNSSEC,
    # manual).
    UpdateHostKeys yes

    # Verify SSHFP records. In case DNSSEC is used this skips the
    # question on whether you trust the fingerprint or not.
    # All my hosts run DNSSEC validating Unbound on localhost and use it
    # for all DNS queries. Yours should too.
    VerifyHostKeyDNS yes

Host hilla
    HostName hilla.kapsi.fi
    User mikaela

Host lakka
    HostName lakka.kapsi.fi
    User mikaela

Host meetingology
    HostName ubottu.com
    User meetingology

Host synvaler
    AddressFamily inet6
    HostName synvaler.mikaela.info
    User nemo

Host tezagm
    HostName tezagm.mikaela.info
    User mikaela

Host vardiera
    HostName vardiera.mikaela.info
    User mikaela