Dotfiles from time before I knew the word dotfiles, but the name has stuck.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

51 lines
1.7KB

  1. # /etc/ssh/ssh_config - at least the Arch default was full of comments
  2. # so I think it makes more sense if I just paste my normal config here
  3. # without host specific options.
  4. Host *
  5. # Path for the control socket.
  6. ControlPath ~/.ssh/sockets/socket-%r@%h:%p
  7. # Multiple sessions over single connection
  8. ControlMaster yes
  9. # Keep connection open in the background even after connection has been
  10. # closed.
  11. ControlPersist yes
  12. ForwardAgent no
  13. ForwardX11 no
  14. # Ensure KnownHosts are unreadable if leaked.
  15. HashKnownHosts yes
  16. LogLevel VERBOSE
  17. Protocol 2
  18. # Always try public key authentication.
  19. PubkeyAuthentication yes
  20. # Send needed environment variables. I don't like setting wildcards
  21. # and LC_ALL is disabled on purpouse.
  22. SendEnv EDITOR LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT LC_IDENTIFICATION TERM TZ
  23. # If the server doesn't reply in three "pings", connection is dead.
  24. # Defaults to 3 anyway, but I add it here for clearity and
  25. # in case it decides to change in the future.
  26. ServerAliveCountMax 3
  27. # "ping" the server every minute.
  28. ServerAliveInterval 60
  29. # OpenSSH 6.8+ - ask all host keys from servers.
  30. # I trust the server admins and ways to identify the keys (DNSSEC,
  31. # manual).
  32. UpdateHostKeys yes
  33. # Workaround CVE-2016-0777 & CVE-0778 on OpenSSH < 7.1p2
  34. UseRoaming no
  35. # Verify SSHFP records. If this is yes, the question is skipped when
  36. # DNSSEC is used, but apparently only "ask" and "no" write known_hosts
  37. # However with "ask" you won't be told whether the zone is signed, so
  38. # I consider "yes" to be the least evil.
  39. VerifyHostKeyDNS yes