71 lines
1.8 KiB
Plaintext
71 lines
1.8 KiB
Plaintext
# My SSH config. This does leak existense of some hosts where I have
|
|
# access, but they should require SSH key authentication anyway.
|
|
|
|
Host *
|
|
# Path for the control socket.
|
|
ControlPath /tmp/SSH_%u-%r.%h.%p
|
|
# Multiple sessions over single connection
|
|
ControlMaster yes
|
|
# Keep connection open in the background even after connection has been
|
|
# closed.
|
|
ControlPersist yes
|
|
|
|
ForwardAgent no
|
|
ForwardX11 no
|
|
|
|
# Ensure KnownHosts are unreadable if leaked.
|
|
HashKnownHosts yes
|
|
|
|
LogLevel VERBOSE
|
|
Protocol 2
|
|
|
|
# Always try public key authentication.
|
|
PubkeyAuthentication yes
|
|
|
|
# Send LANG, LANGUAGE and LC_* environment variables to the server.
|
|
SendEnv LANG LANGUAGE LC_*
|
|
|
|
# If the server doesn't reply in "three" pings, connection is dead.
|
|
# Defaults to 3 anyway, but I add it here for clearity and
|
|
# in case it decides to change in the future.
|
|
ServerAliveCountMax 3
|
|
|
|
# "ping" the server every minute.
|
|
ServerAliveInterval 60
|
|
|
|
# OpenSSH 6.8+ - ask all host keys from servers.
|
|
# I trust the server admins and ways to identify the keys (DNSSEC,
|
|
# manual).
|
|
UpdateHostKeys yes
|
|
|
|
# Verify SSHFP records. In case DNSSEC is used this skips the
|
|
# question on whether you trust the fingerprint or not.
|
|
# All my hosts run DNSSEC validating Unbound on localhost and use it
|
|
# for all DNS queries. Yours should too.
|
|
VerifyHostKeyDNS yes
|
|
|
|
Host hilla
|
|
HostName hilla.kapsi.fi
|
|
User mikaela
|
|
|
|
Host lakka
|
|
HostName lakka.kapsi.fi
|
|
User mikaela
|
|
|
|
Host meetingology
|
|
HostName ubottu.com
|
|
User meetingology
|
|
|
|
Host synvaler
|
|
AddressFamily inet6
|
|
HostName synvaler.mikaela.info
|
|
User nemo
|
|
|
|
Host tezagm
|
|
HostName tezagm.mikaela.info
|
|
User mikaela
|
|
|
|
Host verdarik
|
|
HostName verdarik.mikaela.info
|
|
User mikaela
|