# $OpenBSD: ssh_config,v 1.25 2009/02/17 01:28:32 djm Exp $ # This is the ssh client system-wide configuration file. See # ssh_config(5) for more information. This file provides defaults for # users, and the values can be changed in per-user configuration files # or on the command line. # Configuration data is parsed as follows: # 1. command line options # 2. user-specific file # 3. system-wide file # Any configuration value is only changed the first time it is set. # Thus, host-specific definitions should be at the beginning of the # configuration file, and defaults at the end. # Site-wide defaults for some commonly used options. For a comprehensive # list of available options, their meanings and defaults, please see the # ssh_config(5) man page. Port 22 # Defaults to allowing v1 which has known vulnerabilities Protocol 2 # Almost always get a small win from compression, # but we don't want to expend too much CPU on it either. #Compression yes #CompressionLevel 4 # Try and maintain a connection even if the server concerned # is hiding behind a stateful firewall :-( ServerAliveInterval 120 ServerAliveCountMax 3 ForwardAgent yes ForwardX11 no # Stops the operating system shipping an /etc/ssh/ssh_config # which enables hashing, thereby making me quite angry! HashKnownHosts no # By default we emphasize on strong encryption, and use compression for a speed boost. # An alias exists in ~/.bashrc for 'sshf' which tries to connect with a broader list of ciphers. # Ciphers aes256-ctr,aes192-ctr,aes128-ctr # Not using GSSAPI or Hostbased in any places... PreferredAuthentications publickey,keyboard-interactive,password # If a SSHFP entry exists in DNS, then we should trust it. # If it doesn't then add to known_hosts since in 99% of cases # we have no way to validate good vs. bad anyway! # Future attempts to connect will spot any changes to fingerprint. VerifyHostKeyDNS yes StrictHostKeyChecking no # More likely to notice changes in this than a hex fingerprint! VisualHostKey yes #SendEnv LANG LC_* IdentitiesOnly yes Include ~/./ssh/cred_config Host * AddKeysToAgent 60m