From: martin f. krafft Date: Thu, 12 Nov 2015 04:07:12 +0000 (+1300) Subject: config file cleanup X-Git-Url: https://git.madduck.net/etc/ssh.git/commitdiff_plain/d88d0a87b1c281f9f6721517c5dda2f2f7304b3f?ds=inline;hp=e41b47bdb8687f49ad9ef8d1eac99c14b0aa3d3e config file cleanup --- diff --git a/.ssh/config.in b/.ssh/config.in index c0322cd..034ae11 100644 --- a/.ssh/config.in +++ b/.ssh/config.in @@ -4,6 +4,10 @@ Host 127.0.0.1 | localhost ForwardX11Trusted yes NoHostAuthenticationForLocalhost yes +Match host *.madduck.net + StrictHostKeyChecking ask + VerifyHostKeyDNS ask + ### CHARADE KVM HOST Host charade.madduck.net | charade @@ -276,6 +280,10 @@ Host *.virt | 192.168.122.* | red | green | blue | yellow | black | white | oran ### DEBIAN +Match host *.debian.org + StrictHostKeyChecking ask + VerifyHostKeyDNS ask + Host scm.alioth.debian.org HostKeyAlias moszumanska.debian.org User madduck @@ -924,63 +932,21 @@ Host github.com | github ### DEFAULTS Host * -# AddressFamily any -# BatchMode no -# CheckHostIP yes - Cipher blowfish -# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr -# ClearAllForwardings no -# Compression no -# CompressionLevel 6 -# ConnectionAttempts 1 + IgnoreUnknown * ConnectTimeout 10 ControlPath ~/.var/ssh/ssh_control_%l_%h_%p_%r ControlMaster auto ControlPersist 30 -## DSAAuthentication no -# DynamicForward off -# EnableSSHKeysign no -# EscapeChar ~ ExitOnForwardFailure yes ForwardAgent no ForwardX11 no -# ForwardX11Trusted yes -# GatewayPorts no -# GlobalKnownHostsFile /etc/ssh/ssh_known_hosts + ForwardX11Trusted no HashKnownHosts no -# HostbasedAuthentication no - HostKeyAlgorithms ssh-rsa -# IdentityFile ~/.ssh/identity - IdentityFile2 ~/.ssh/id_rsa - IPQoS lowdelay throughput -# KbdInteractiveDevices pam -# LocalCommand none -# LocalForward none -# LogLevel INFO - MACs hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-sha1-96,hmac-md5,hmac-md5-96 -# NoHostAuthenticationForLocalhost no NumberOfPasswordPrompts 2 PasswordAuthentication yes -# PermitLocalCommand no -# Port 22 -# PreferredAuthentications gssapi-with-mic,hostbased,publickey,keyboard-interactive,password Protocol 2 -# ProxyCommand -# PubkeyAuthentication yes -# RekeyLimit 1G-4G #depends on cipher -# RemoteForward -# RhostsRSAAuthentication no -# RSAAuthentication no -# ServerAliveCountMax 3 ServerAliveInterval 45 - SetupTimeOut 10 -# SmartcardDevice off StrictHostKeyChecking yes -# TCPKeepAlive yes -# Tunnel no -# TunnelDevice any:any -# UsePrivilegedPort no -# UserKnownHostsFile ~/.ssh/known_hosts -# VerifyHostKeyDNS no + UpdateHostKeys ask + VerifyHostKeyDNS ask VisualHostKey no -# XAuthLocation /usr/X11R6/bin/xauth