dotfiles/dot_ssh/config

67 lines
2.1 KiB
Text
Raw Permalink Normal View History

2022-01-27 16:00:02 +00:00
# $OpenBSD: ssh_config,v 1.25 2009/02/17 01:28:32 djm Exp $
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.
Port 22
# Defaults to allowing v1 which has known vulnerabilities
Protocol 2
# Almost always get a small win from compression,
# but we don't want to expend too much CPU on it either.
#Compression yes
#CompressionLevel 4
# Try and maintain a connection even if the server concerned
# is hiding behind a stateful firewall :-(
ServerAliveInterval 120
ServerAliveCountMax 3
ForwardAgent yes
ForwardX11 no
# Stops the operating system shipping an /etc/ssh/ssh_config
# which enables hashing, thereby making me quite angry!
HashKnownHosts no
# By default we emphasize on strong encryption, and use compression for a speed boost.
# An alias exists in ~/.bashrc for 'sshf' which tries to connect with a broader list of ciphers.
# Ciphers aes256-ctr,aes192-ctr,aes128-ctr
# Not using GSSAPI or Hostbased in any places...
PreferredAuthentications publickey,keyboard-interactive,password
# If a SSHFP entry exists in DNS, then we should trust it.
# If it doesn't then add to known_hosts since in 99% of cases
# we have no way to validate good vs. bad anyway!
# Future attempts to connect will spot any changes to fingerprint.
VerifyHostKeyDNS yes
StrictHostKeyChecking no
# More likely to notice changes in this than a hex fingerprint!
VisualHostKey yes
#SendEnv LANG LC_*
IdentitiesOnly yes
Include ~/./ssh/cred_config
Host *
AddKeysToAgent 60m