1 files changed, 78 insertions, 0 deletions
diff --git a/ssh_config b/ssh_config
new file mode 100644
index 0000000..5cdc3eb
--- /dev/null
+++ b/ssh_config
@@ -0,0 +1,78 @@
+#       $OpenBSD: ssh_config,v 1.28 2013/09/16 11:35:43 sthen Exp $
+# This is the ssh client system-wide configuration file.  See
+# ssh_config(5) for more information.  This file provides defaults for
+# users, and the values can be changed in per-user configuration files
+# or on the command line.
+# Configuration data is parsed as follows:
+#  1. command line options
+#  2. user-specific file
+#  3. system-wide file
+# Any configuration value is only changed the first time it is set.
+# Thus, host-specific definitions should be at the beginning of the
+# configuration file, and defaults at the end.
+# Site-wide defaults for some commonly used options.  For a comprehensive
+# list of available options, their meanings and defaults, please see the
+# ssh_config(5) man page.
+# Minimum accepted size of the DH parameter p. By default this is set to 1024
+# to maintain compatibility with RFC4419, but should be set higher.
+# Upstream default is identical to setting this to 2048.
+#KexDHMin 1024
+Host *
+#   ForwardAgent no
+#   ForwardX11 no
+# If you do not trust your remote host (or its administrator), you
+# should not forward X11 connections to your local X11-display for
+# security reasons: Someone stealing the authentification data on the
+# remote side (the "spoofed" X-server by the remote sshd) can read your
+# keystrokes as you type, just like any other X11 client could do.
+# Set this to "no" here for global effect or in your own ~/.ssh/config
+# file if you want to have the remote X11 authentification data to 
+# expire after two minutes after remote login.
+ForwardX11Trusted yes
+#   RhostsRSAAuthentication no
+#   RSAAuthentication yes
+#   PasswordAuthentication yes
+#   HostbasedAuthentication no
+#   GSSAPIAuthentication no
+#   GSSAPIDelegateCredentials no
+#   GSSAPIKeyExchange no
+#   GSSAPITrustDNS no
+#   BatchMode no
+#   CheckHostIP yes
+#   AddressFamily any
+#   ConnectTimeout 0
+#   StrictHostKeyChecking ask
+#   IdentityFile ~/.ssh/identity
+#   IdentityFile ~/.ssh/id_rsa
+#   IdentityFile ~/.ssh/id_dsa
+#   Port 22
+Protocol 2
+#   Cipher 3des
+#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
+#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
+#   EscapeChar ~
+#   Tunnel no
+#   TunnelDevice any:any
+#   PermitLocalCommand no
+#   VisualHostKey no
+#   ProxyCommand ssh -q -W %h:%p gateway.example.com
+# Set this to 'yes' to enable support for the deprecated 'gssapi' authentication
+# mechanism to OpenSSH 3.8p1. The newer 'gssapi-with-mic' mechanism is included
+# in this release. The use of 'gssapi' is deprecated due to the presence of 
+# potential man-in-the-middle attacks, which 'gssapi-with-mic' is not susceptible to.
+#   GSSAPIEnableMITMAttack no
+# This enables sending locale enviroment variables LC_* LANG, see ssh_config(5).
+SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
+SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+SendEnv LC_IDENTIFICATION LC_ALL
+#   RekeyLimit 1G 1h

diff --git a/ssh_config b/ssh_config new file mode 100644 index 0000000..5cdc3eb --- /dev/null +++ b/ssh_config
@@ -0,0 +1,78 @@
	1	# $OpenBSD: ssh_config,v 1.28 2013/09/16 11:35:43 sthen Exp $
	2
	3	# This is the ssh client system-wide configuration file. See
	4	# ssh_config(5) for more information. This file provides defaults for
	5	# users, and the values can be changed in per-user configuration files
	6	# or on the command line.
	7
	8	# Configuration data is parsed as follows:
	9	# 1. command line options
	10	# 2. user-specific file
	11	# 3. system-wide file
	12	# Any configuration value is only changed the first time it is set.
	13	# Thus, host-specific definitions should be at the beginning of the
	14	# configuration file, and defaults at the end.
	15
	16	# Site-wide defaults for some commonly used options. For a comprehensive
	17	# list of available options, their meanings and defaults, please see the
	18	# ssh_config(5) man page.
	19
	20	# Minimum accepted size of the DH parameter p. By default this is set to 1024
	21	# to maintain compatibility with RFC4419, but should be set higher.
	22	# Upstream default is identical to setting this to 2048.
	23	#KexDHMin 1024
	24
	25	Host *
	26	# ForwardAgent no
	27	# ForwardX11 no
	28
	29	# If you do not trust your remote host (or its administrator), you
	30	# should not forward X11 connections to your local X11-display for
	31	# security reasons: Someone stealing the authentification data on the
	32	# remote side (the "spoofed" X-server by the remote sshd) can read your
	33	# keystrokes as you type, just like any other X11 client could do.
	34	# Set this to "no" here for global effect or in your own ~/.ssh/config
	35	# file if you want to have the remote X11 authentification data to
	36	# expire after two minutes after remote login.
	37	ForwardX11Trusted yes
	38
	39	# RhostsRSAAuthentication no
	40	# RSAAuthentication yes
	41	# PasswordAuthentication yes
	42	# HostbasedAuthentication no
	43	# GSSAPIAuthentication no
	44	# GSSAPIDelegateCredentials no
	45	# GSSAPIKeyExchange no
	46	# GSSAPITrustDNS no
	47	# BatchMode no
	48	# CheckHostIP yes
	49	# AddressFamily any
	50	# ConnectTimeout 0
	51	# StrictHostKeyChecking ask
	52	# IdentityFile ~/.ssh/identity
	53	# IdentityFile ~/.ssh/id_rsa
	54	# IdentityFile ~/.ssh/id_dsa
	55	# Port 22
	56	Protocol 2
	57	# Cipher 3des
	58	# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
	59	# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
	60	# EscapeChar ~
	61	# Tunnel no
	62	# TunnelDevice any:any
	63	# PermitLocalCommand no
	64	# VisualHostKey no
	65	# ProxyCommand ssh -q -W %h:%p gateway.example.com
	66
	67	# Set this to 'yes' to enable support for the deprecated 'gssapi' authentication
	68	# mechanism to OpenSSH 3.8p1. The newer 'gssapi-with-mic' mechanism is included
	69	# in this release. The use of 'gssapi' is deprecated due to the presence of
	70	# potential man-in-the-middle attacks, which 'gssapi-with-mic' is not susceptible to.
	71	# GSSAPIEnableMITMAttack no
	72
	73	# This enables sending locale enviroment variables LC_* LANG, see ssh_config(5).
	74	SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
	75	SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
	76	SendEnv LC_IDENTIFICATION LC_ALL
	77
	78	# RekeyLimit 1G 1h