aboutsummaryrefslogtreecommitdiff
path: root/ssh_config
diff options
context:
space:
mode:
authorPacien TRAN-GIRARD2016-11-08 11:58:58 +0100
committerPacien TRAN-GIRARD2016-11-08 11:58:58 +0100
commit60db222b4a927b48d32b10115480608609875965 (patch)
treebb72a46b1ecf33d14b8606f225422b4f2aa8b53e /ssh_config
parent42c34ed184f8dc225fe3562ced33110a08d12d6c (diff)
downloadssh-hardened-60db222b4a927b48d32b10115480608609875965.tar.gz
Import default configuration
Diffstat (limited to 'ssh_config')
-rw-r--r--ssh_config78
1 files changed, 78 insertions, 0 deletions
diff --git a/ssh_config b/ssh_config
new file mode 100644
index 0000000..5cdc3eb
--- /dev/null
+++ b/ssh_config
@@ -0,0 +1,78 @@
1# $OpenBSD: ssh_config,v 1.28 2013/09/16 11:35:43 sthen Exp $
2
3# This is the ssh client system-wide configuration file. See
4# ssh_config(5) for more information. This file provides defaults for
5# users, and the values can be changed in per-user configuration files
6# or on the command line.
7
8# Configuration data is parsed as follows:
9# 1. command line options
10# 2. user-specific file
11# 3. system-wide file
12# Any configuration value is only changed the first time it is set.
13# Thus, host-specific definitions should be at the beginning of the
14# configuration file, and defaults at the end.
15
16# Site-wide defaults for some commonly used options. For a comprehensive
17# list of available options, their meanings and defaults, please see the
18# ssh_config(5) man page.
19
20# Minimum accepted size of the DH parameter p. By default this is set to 1024
21# to maintain compatibility with RFC4419, but should be set higher.
22# Upstream default is identical to setting this to 2048.
23#KexDHMin 1024
24
25Host *
26# ForwardAgent no
27# ForwardX11 no
28
29# If you do not trust your remote host (or its administrator), you
30# should not forward X11 connections to your local X11-display for
31# security reasons: Someone stealing the authentification data on the
32# remote side (the "spoofed" X-server by the remote sshd) can read your
33# keystrokes as you type, just like any other X11 client could do.
34# Set this to "no" here for global effect or in your own ~/.ssh/config
35# file if you want to have the remote X11 authentification data to
36# expire after two minutes after remote login.
37ForwardX11Trusted yes
38
39# RhostsRSAAuthentication no
40# RSAAuthentication yes
41# PasswordAuthentication yes
42# HostbasedAuthentication no
43# GSSAPIAuthentication no
44# GSSAPIDelegateCredentials no
45# GSSAPIKeyExchange no
46# GSSAPITrustDNS no
47# BatchMode no
48# CheckHostIP yes
49# AddressFamily any
50# ConnectTimeout 0
51# StrictHostKeyChecking ask
52# IdentityFile ~/.ssh/identity
53# IdentityFile ~/.ssh/id_rsa
54# IdentityFile ~/.ssh/id_dsa
55# Port 22
56Protocol 2
57# Cipher 3des
58# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
59# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
60# EscapeChar ~
61# Tunnel no
62# TunnelDevice any:any
63# PermitLocalCommand no
64# VisualHostKey no
65# ProxyCommand ssh -q -W %h:%p gateway.example.com
66
67# Set this to 'yes' to enable support for the deprecated 'gssapi' authentication
68# mechanism to OpenSSH 3.8p1. The newer 'gssapi-with-mic' mechanism is included
69# in this release. The use of 'gssapi' is deprecated due to the presence of
70# potential man-in-the-middle attacks, which 'gssapi-with-mic' is not susceptible to.
71# GSSAPIEnableMITMAttack no
72
73# This enables sending locale enviroment variables LC_* LANG, see ssh_config(5).
74SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
75SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
76SendEnv LC_IDENTIFICATION LC_ALL
77
78# RekeyLimit 1G 1h