dotfiles/dot_ssh/config

#	$OpenBSD: ssh_config,v 1.25 2009/02/17 01:28:32 djm Exp $

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options.  For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

Port 22

# Defaults to allowing v1 which has known vulnerabilities
Protocol 2

# Almost always get a small win from compression,
# but we don't want to expend too much CPU on it either.
#Compression yes
#CompressionLevel 4

# Try and maintain a connection even if the server concerned
# is hiding behind a stateful firewall :-(
ServerAliveInterval 120
ServerAliveCountMax 3

ForwardAgent yes
ForwardX11 no

# Stops the operating system shipping an /etc/ssh/ssh_config
# which enables hashing, thereby making me quite angry!
HashKnownHosts no

# By default we emphasize on strong encryption, and use compression for a speed boost.
# An alias exists in ~/.bashrc for 'sshf' which tries to connect with a broader list of ciphers.
# Ciphers aes256-ctr,aes192-ctr,aes128-ctr

# Not using GSSAPI or Hostbased in any places...
PreferredAuthentications publickey,keyboard-interactive,password

# If a SSHFP entry exists in DNS, then we should trust it.
# If it doesn't then add to known_hosts since in 99% of cases
# we have no way to validate good vs. bad anyway!
# Future attempts to connect will spot any changes to fingerprint.
VerifyHostKeyDNS yes
StrictHostKeyChecking no

# More likely to notice changes in this than a hex fingerprint!
VisualHostKey yes

#SendEnv LANG LC_*

IdentitiesOnly yes

Include ~/./ssh/cred_config

Host *
  AddKeysToAgent 60m
Initial Commit 2022-01-27 16:00:02 +00:00			`# $OpenBSD: ssh_config,v 1.25 2009/02/17 01:28:32 djm Exp $`

			`# This is the ssh client system-wide configuration file. See`
			`# ssh_config(5) for more information. This file provides defaults for`
			`# users, and the values can be changed in per-user configuration files`
			`# or on the command line.`

			`# Configuration data is parsed as follows:`
			`# 1. command line options`
			`# 2. user-specific file`
			`# 3. system-wide file`
			`# Any configuration value is only changed the first time it is set.`
			`# Thus, host-specific definitions should be at the beginning of the`
			`# configuration file, and defaults at the end.`

			`# Site-wide defaults for some commonly used options. For a comprehensive`
			`# list of available options, their meanings and defaults, please see the`
			`# ssh_config(5) man page.`

			`Port 22`

			`# Defaults to allowing v1 which has known vulnerabilities`
			`Protocol 2`

			`# Almost always get a small win from compression,`
			`# but we don't want to expend too much CPU on it either.`
			`#Compression yes`
			`#CompressionLevel 4`

			`# Try and maintain a connection even if the server concerned`
			`# is hiding behind a stateful firewall :-(`
			`ServerAliveInterval 120`
			`ServerAliveCountMax 3`

			`ForwardAgent yes`
			`ForwardX11 no`

			`# Stops the operating system shipping an /etc/ssh/ssh_config`
			`# which enables hashing, thereby making me quite angry!`
			`HashKnownHosts no`

			`# By default we emphasize on strong encryption, and use compression for a speed boost.`
			`# An alias exists in ~/.bashrc for 'sshf' which tries to connect with a broader list of ciphers.`
			`# Ciphers aes256-ctr,aes192-ctr,aes128-ctr`

			`# Not using GSSAPI or Hostbased in any places...`
			`PreferredAuthentications publickey,keyboard-interactive,password`

			`# If a SSHFP entry exists in DNS, then we should trust it.`
			`# If it doesn't then add to known_hosts since in 99% of cases`
			`# we have no way to validate good vs. bad anyway!`
			`# Future attempts to connect will spot any changes to fingerprint.`
			`VerifyHostKeyDNS yes`
			`StrictHostKeyChecking no`

			`# More likely to notice changes in this than a hex fingerprint!`
			`VisualHostKey yes`

			`#SendEnv LANG LC_*`

			`IdentitiesOnly yes`

			`Include ~/./ssh/cred_config`

			`Host *`
			`AddKeysToAgent 60m`