You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
73 lines
3.5 KiB
73 lines
3.5 KiB
# ssh(1) obtains configuration data from the following sources in the following order:
|
|
#
|
|
# 1. command-line options
|
|
# 2. user's configuration file (~/.ssh/config)
|
|
# 3. system-wide configuration file (/etc/ssh/ssh_config)
|
|
#
|
|
# For each parameter, the first obtained value will be used. The configuration files contain sections separated
|
|
# by “Host” specifications, and that section is only applied for hosts that match one of the patterns given in the
|
|
# specification. The matched host name is the one given on the command line.
|
|
#
|
|
# Since the first obtained value for each parameter is used, more host-specific declarations should be given near
|
|
# the beginning of the file, and general defaults at the end.
|
|
|
|
# Example for one that uses ssh keys
|
|
# Without specifying IdentityFile it will use the default list
|
|
Host reallysecure reallysecure.example.com
|
|
HostName reallysecure.example.com
|
|
User mysecureuser
|
|
PreferredAuthentications publickey
|
|
PasswordAuthentication no
|
|
KbdInteractiveAuthentication no
|
|
|
|
# This is used to rsync data over lan
|
|
Host backupserver
|
|
HostName 10.20.30.40
|
|
User backupuser
|
|
BatchMode yes
|
|
Ciphers arcfour,blowfish-cbc,aes128-ctr
|
|
IdentityFile ~/.ssh/backupserver.pem
|
|
# Generally compression over lan slows things down
|
|
Compression no
|
|
|
|
|
|
# See man ssh_config for all options and descriptions, this just lists what may
|
|
# be useful to do on a per-host basis. Defaults from Ubuntu 12.04
|
|
Host *
|
|
# Can speed up logins to some servers
|
|
GSSAPIAuthentication no
|
|
GSSAPIKeyExchange no
|
|
ChallengeResponseAuthentication no
|
|
HashKnownHosts no
|
|
Protocol 2
|
|
# Some servers will force log out if you haven't typed anything in a while
|
|
# This means send a packet every 60 seconds, after 3 of those without a
|
|
# response then drop the connection
|
|
ServerAliveCountMax 3
|
|
ServerAliveInterval 60
|
|
TCPKeepAlive yes
|
|
#BatchMode [yes|no] # Def: no
|
|
#CheckHostIP [yes|no] # Def: yes - no is useful on a host who's key changes (rebuilding a dev machine)
|
|
#Ciphers (see ssh_config(5)) # (sshv2) Def: (see man page) - (speed: arcfour > blowfish > aes)
|
|
#Compression [yes|no] # Def: no
|
|
#ControlMaster [yes|ask|auto|autoask] # Best to just google ControlMaster or check man pages
|
|
#ControlPath <path>
|
|
#ControlPersist [yes|no]
|
|
#DynamicForward <[bind_addres:]port> # sets up a local socks proxy over ssh
|
|
#ExitOnForwardFailure [yes|no] # Def: no
|
|
#ForwardX11 [yes|no] # Def: no
|
|
#ForwardX11Timeout (see sshd_config "Time Formats") # Def: 20 minutes
|
|
#ForwardX11Trust [yes|no] # Def: yes (debian specific)
|
|
#HostKeyAlias <name> # Useful if have several Host sections for single server
|
|
#HostName [<dns_name>|<ip>] # Also supports %h for given on command line (eg: %h.example.com)
|
|
#IdentityFile <path> # Def: (see ssh_config(5)) - several escape sequences are supported, see man page
|
|
#KbdInteractiveAuthentication [yes|no] # Def: yes - can disable if only using ssh keys
|
|
#LocalForward <[local bind_address:]local_port> <remote_host>:<remote_port>
|
|
# An example that forwards local 8080 to port 8443 on remote server:
|
|
# LocalForward localhost:8080 127.0.0.1:8443
|
|
#PasswordAuthentication [yes|no] # Def: yes - Another thing to disable if using keys
|
|
#Port <server_port> # Def: 22
|
|
#PreferredAuthentications <list> # Can set this to 'publickey' to disable all other methods
|
|
#StrictHostKeyChecking [yes|no|ask] # Def: ask
|
|
#VerifyHostKeyDNS [yes|no|ask] # Def: no - useful but rarely used, google it for info
|
|
|