# /etc/ssh/ssh_config - at least the Arch default was full of comments # so I think it makes more sense if I just paste my normal config here # without host specific options. Host * # Path for the control socket ControlPath /tmp/SSH_%u-%r.%h.%p # Multiple sessions over single connection ControlMaster yes # Keep connection open in the background even after connection has been # closed. ControlPersist yes ForwardAgent no ForwardX11 no # Ensure KnownHosts are unreadable if leaked. HashKnownHosts yes LogLevel VERBOSE Protocol 2 # Always try public key authentication PubkeyAuthentication yes # Send LANG and LC_* environment variables to the server SendEnv LANG LC_* # If the server doesn't reply in "three" pings, connection is dead. # Defaults to 3 anyway, but I add it here for clearity and # in case it decides to change in the future. ServerAliveCountMax 3 # "ping" the server every minute. ServerAliveInterval 60 # OpenSSH 6.8+ - ask all host keys from servers. # I trust the server admins and ways to identify the keys (DNSSEC, # manual) UpdateHostKeys yes # Verify SSHFP records. In case DNSSEC is used this skips the # question on whether you trust the fingerprint or not. # All my hosts run DNSSEC validating Unbound on localhost and use it # for all DNS queries. Yours should too. VerifyHostKeyDNS yes