mirror of
				https://gitea.blesmrt.net/mikaela/shell-things.git
				synced 2025-10-26 23:07:22 +01:00 
			
		
		
		
	
		
			
				
	
	
		
			51 lines
		
	
	
		
			1.7 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
			
		
		
	
	
			51 lines
		
	
	
		
			1.7 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
| # /etc/ssh/ssh_config - at least the Arch default was full of comments
 | |
| # so I think it makes more sense if I just paste my normal config here
 | |
| # without host specific options.
 | |
| 
 | |
| Host *
 | |
|     # Path for the control socket.
 | |
|     ControlPath ~/.ssh/sockets/socket-%r@%h:%p
 | |
|     # Multiple sessions over single connection
 | |
|     ControlMaster yes
 | |
|     # Keep connection open in the background even after connection has been
 | |
|     # closed.
 | |
|     ControlPersist yes
 | |
| 
 | |
|     ForwardAgent no
 | |
|     ForwardX11 no
 | |
| 
 | |
|     # Ensure KnownHosts are unreadable if leaked.
 | |
|     HashKnownHosts yes
 | |
| 
 | |
|     LogLevel VERBOSE
 | |
|     Protocol 2
 | |
| 
 | |
|     # Always try public key authentication.
 | |
|     PubkeyAuthentication yes
 | |
| 
 | |
|     # Send needed environment variables. I don't like setting wildcards
 | |
|     # and LC_ALL is disabled on purpouse.
 | |
|     SendEnv EDITOR LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT LC_IDENTIFICATION TERM TZ
 | |
| 
 | |
|     # If the server doesn't reply in three "pings", connection is dead.
 | |
|     # Defaults to 3 anyway, but I add it here for clearity and
 | |
|     # in case it decides to change in the future.
 | |
|     ServerAliveCountMax 3
 | |
| 
 | |
|     # "ping" the server every minute.
 | |
|     ServerAliveInterval 60
 | |
| 
 | |
|     # OpenSSH 6.8+ - ask all host keys from servers.
 | |
|     # I trust the server admins and ways to identify the keys (DNSSEC,
 | |
|     # manual).
 | |
|     UpdateHostKeys yes
 | |
| 
 | |
|     # Workaround CVE-2016-0777 & CVE-0778 on OpenSSH < 7.1p2
 | |
|     UseRoaming no
 | |
| 
 | |
|     # Verify SSHFP records. If this is yes, the question is skipped when
 | |
|     # DNSSEC is used, but apparently only "ask" and "no" write known_hosts
 | |
|     # However with "ask" you won't be told whether the zone is signed, so
 | |
|     # I consider "yes" to be the least evil.
 | |
|     VerifyHostKeyDNS yes
 |