# /etc/ssh/ssh_config - at least the Arch default was full of comments
# so I think it makes more sense if I just paste my normal config here
# without host specific options.

Host *
    # Path for the control socket.
    ControlPath /tmp/SSH_%u-%r.%h.%p
    # Multiple sessions over single connection
    ControlMaster yes
    # Keep connection open in the background even after connection has been
    # closed.
    ControlPersist yes

    ForwardAgent no
    ForwardX11 no

    # Ensure KnownHosts are unreadable if leaked.
    HashKnownHosts yes

    LogLevel VERBOSE
    Protocol 2

    # Always try public key authentication.
    PubkeyAuthentication yes

    # Send needed environment variables. I don't like setting wildcards
    # and LC_ALL is disabled on purpouse.
    SendEnv EDITOR LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT LC_IDENTIFICATION TERM TZ

    # If the server doesn't reply in three "pings", connection is dead.
    # Defaults to 3 anyway, but I add it here for clearity and
    # in case it decides to change in the future.
    ServerAliveCountMax 3

    # "ping" the server every minute.
    ServerAliveInterval 60

    # OpenSSH 6.8+ - ask all host keys from servers.
    # I trust the server admins and ways to identify the keys (DNSSEC,
    # manual)
    UpdateHostKeys yes

    # Verify SSHFP records. In case DNSSEC is used this skips the
    # question on whether you trust the fingerprint or not.
    # All my hosts run DNSSEC validating Unbound on localhost and use it
    # for all DNS queries. Yours should too.
    VerifyHostKeyDNS yes