# My SSH config. This does leak existense of some hosts where I have # access, but they should require SSH key authentication anyway. Host * # Path for the control socket ControlPath /tmp/SSH_%u-%r.%h.%p # Multiple sessions over single connection ControlMaster yes # Keep connection open in the background even after connection has been # closed. ControlPersist yes ForwardAgent no ForwardX11 no # Ensure KnownHosts are unreadable if leaked. HashKnownHosts yes LogLevel VERBOSE Protocol 2 # Always try public key authentication PubkeyAuthentication yes # Send LANG and LC_* environment variables to the server. SendEnv LANG LC_* # If the server doesn't reply in "three" pings, connection is dead. # Defaults to 3 anyway, but I add it here for clearity and # in case it decides to change in the future. ServerAliveCountMax 3 # "ping" the server every minute. ServerAliveInterval 60 # OpenSSH 6.8+ - ask all host keys from servers. # I trust the server admins and ways to identify the keys (DNSSEC, # manual) UpdateHostKeys yes # Verify SSHFP records. In case DNSSEC is used this skips the # question on whether you trust the fingerprint or not. # All my hosts run DNSSEC validating Unbound on localhost and use it # for all DNS queries. Yours should too. VerifyHostKeyDNS yes Host hilla HostName hilla.kapsi.fi User mikaela Host lakka HostName lakka.kapsi.fi User mikaela Host meetingology HostName ubottu.com User meetingology Host synvaler AddressFamily inet6 HostName synvaler.mikaela.info User nemo Host tezagm HostName tezagm.mikaela.info User mikaela Host verdarik HostName verdarik.mikaela.info User mikaela