# My SSH config. This does leak existense of some hosts where I have # access, but they should require SSH key authentication anyway. Host * # Path for the control socket. ControlPath /tmp/SSH_%u-%r.%h.%p # Multiple sessions over single connection ControlMaster yes # Keep connection open in the background even after connection has been # closed. ControlPersist yes ForwardAgent no ForwardX11 no # Ensure KnownHosts are unreadable if leaked. HashKnownHosts yes LogLevel VERBOSE Protocol 2 # Always try public key authentication. PubkeyAuthentication yes # Send needed environment variables. I don't like setting wildcards # and LC_ALL is disabled on purpouse. SendEnv EDITOR LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT LC_IDENTIFICATION TERM TZ # If the server doesn't reply in three "pings", connection is dead. # Defaults to 3 anyway, but I add it here for clearity and # in case it decides to change in the future. ServerAliveCountMax 3 # "ping" the server every minute. ServerAliveInterval 60 # OpenSSH 6.8+ - ask all host keys from servers. # I trust the server admins and ways to identify the keys (DNSSEC, # manual). UpdateHostKeys yes # Workaround CVE-2016-0777 & CVE-0778 on OpenSSH < 7.1p2 UseRoaming no # Verify SSHFP records. In case DNSSEC is used this skips the # question on whether you trust the fingerprint or not. # All my hosts run DNSSEC validating Unbound on localhost and use it # for all DNS queries. Yours should too. VerifyHostKeyDNS yes Host aur.archlinux.org User aur Host ccx_shell HostName ccx.webprojekty.cz Port 24022 User mikaela Host hilla HostName hilla.kapsi.fi User mikaela Host lakka HostName lakka.kapsi.fi User mikaela LocalForward 127.0.0.1:9001 127.0.0.1:30614 Host meetingology HostName ubottu.com User meetingology Host synvaler AddressFamily inet6 HostName synvaler.mikaela.info User nemo Host tezagm HostName tezagm.mikaela.info User mikaela