Last active
April 9, 2022 23:29
-
-
Save atErik/b2acb5f7b0693dfa6d4690aa6b251b70 to your computer and use it in GitHub Desktop.
macOS MacBook computer 1 : below is the ~/.ssh/config file from an admin type user "macUsr"
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This is the ssh client config file for a specific user. See | |
| # "man ssh_config"(5) for more information. | |
| # | |
| # | |
| # | |
| # Lines begin with the "#" symbol are comments/notes | |
| # | |
| # | |
| # DEFAULT | |
| # Authentication: | |
| KexAlgorithms diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256 | |
| Ciphers aes256-gcm@openssh.com,aes256-ctr | |
| MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-512,hmac-sha2-256-etm@openssh.com,hmac-sha2-256 | |
| # Authentication EXTRA: | |
| HostKeyAlgorithms rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-rsa-cert-v01@openssh.com | |
| HostbasedKeyTypes rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-rsa-cert-v01@openssh.com | |
| PubkeyAcceptedKeyTypes rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-rsa-cert-v01@openssh.com | |
| FingerprintHash sha256 | |
| Protocol 2 | |
| PasswordAuthentication yes | |
| PubkeyAuthentication yes | |
| # | |
| # | |
| # | |
| # = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = | |
| # (To change SSH Connection RULES for any remote server, | |
| # go to below/last "Host *" section) | |
| # | |
| # RULES FOR SSH-TUNNEL FROM "MB_macUsr" To "SRVR1" SERVER: | |
| # | |
| Host SRVR1_root_sshd | |
| Hostname SRVR1.IPv4.ADRS | |
| User root | |
| Port 5022 | |
| # Remember SSH-Keys for specific server, by adding into SSH-keyring: | |
| AddKeysToAgent yes | |
| # User have to enter passphrase each time on new conneciton, if below is not "yes": | |
| UseKeychain yes | |
| # ForwardAgent no | |
| ForwardX11 no | |
| # ForwardX11Trusted yes | |
| # PreferredAuthentications : Specifies the order in which the client should try authentication methods. | |
| # This allows a client to prefer one method (e.g. keyboard-interactive) over another method (e.g. | |
| # password). The default is : gssapi-with-mic,hostbased,publickey,keyboard-interactive,password | |
| # PasswordAuthentication yes | |
| PasswordAuthentication no | |
| # KbdInteractiveAuthentication yes | |
| KbdInteractiveAuthentication no | |
| # RhostsRSAAuthentication no | |
| # RSAAuthentication yes | |
| # RSAAuthentication yes | |
| # HostbasedAuthentication no | |
| HostbasedAuthentication no | |
| # NoHostAuthenticationForLocalhost no | |
| # GSSAPIAuthentication no | |
| GSSAPIAuthentication no | |
| # GSSAPIDelegateCredentials no | |
| # GSSAPIKeyExchange no | |
| # GSSAPITrustDNS no | |
| # BatchMode no | |
| # CheckHostIP yes | |
| CheckHostIP yes | |
| # VerifyHostKeyDNS : Specifies whether to verify the remote key using DNS and SSHFP resource records. If | |
| # this option is set to "yes", the client will implicitly trust keys that match a secure fingerprint from | |
| # DNS. Insecure fingerprints will be handled as if this option was set to "ask" . If this option is set | |
| # to "ask", information on fingerprint match will be displayed, but the user will still need to confirm | |
| # new host keys according to the "StrictHostKeyChecking" option . The default is "no". | |
| # VerifyHostKeyDNS false | |
| VerifyHostKeyDNS yes | |
| # AddressFamily any # ipv4 / ipv6 | |
| AddressFamily any | |
| # ServerAliveInterval 0 | |
| ServerAliveInterval 20 | |
| # ServerAliveCountMax 3 | |
| ServerAliveCountMax 1 | |
| # TCPKeepAlive yes | |
| TCPKeepAlive yes | |
| # ConnectTimeout number (it uses the default system TCP timeout in ssh-server) | |
| ConnectTimeout 30 | |
| # ConnectionAttempts 1 | |
| ConnectionAttempts 1 | |
| # StrictHostKeyChecking ask # StrictHostKeyChecking : If this flag is set to yes, ssh(1) will never | |
| # automatically add host keys to the ~/.ssh/known_hosts file, and refuses to connect to hosts whose host | |
| # key has changed . This provides maximum protection against man-in-the-middle (MITM) attacks, though it | |
| # can be annoying when the /etc/ssh/ssh_known_hosts file is poorly maintained or when connections to new | |
| # hosts are frequently made . This option forces the user to manually add all new hosts. | |
| # If this flag is set to “accept-new” then ssh will automatically add new host keys to the user known | |
| # hosts files, but will not permit connections to hosts with changed host keys. If this flag is set to | |
| # “no” or “off”, ssh will automatically add new host keys to the user known hosts files and allow | |
| # connections to hosts with changed hostkeys to proceed, subject to some restrictions . If this flag is | |
| # set to ask (the default), new host keys will be added to the user known host files only after the user | |
| # has confirmed that is what they really want to do, and ssh will refuse to connect to hosts whose host | |
| # key has changed . The host keys of known hosts will be verified automatically in all cases. | |
| # List of PRIVATE KEYS/FILES (DO NOT SHARE / NEVER SHARE / SECRET KEY) | |
| # Each has another file which ends with .pub , and this is PUB KEY (Public-Key) | |
| # Pub Key can be SHARED ONLY WITH your TRUSTED SERVER/COMPUTER/PERSON | |
| # IdentityFile ~/.ssh/identity | |
| # IdentityFile ~/.ssh/id_rsa | |
| IdentityFile ~/.ssh/id_rsa-16kb_key_MB_macUsr_to_SRVR1 | |
| # IdentityFile ~/.ssh/id_rsa-8kb_key_MB_macUsr_to_SRVR1 | |
| # IdentityFile ~/.ssh/id_dsa | |
| # IdentityFile ~/.ssh/id_ecdsa | |
| # IdentityFile ~/.ssh/id_ed25519 | |
| # IdentityFile ~/.ssh/id_ed25519_key_MB_macUsr_to_SRVR1 | |
| # globalknownhostsfile /etc/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts2 | |
| # userknownhostsfile ~/.ssh/known_hosts ~/.ssh/known_hosts2 | |
| # PubkeyAuthentication yes | |
| PubkeyAuthentication yes | |
| # Port 22 | |
| # BindAddress : Use the specified address on the local machine as the source address of the connection. | |
| # Only useful on systems with more than one address. | |
| # BindInterface : Use the address of the specified interface on the local machine as the source address of | |
| # the connection. | |
| # LocalForward : Specifies that a TCP port on the local machine be forwarded over the secure channel to | |
| # the specified host and port from the remote machine . The first argument must be [bind_address:]port and | |
| # the second argument must be host:hostport . IPv6 addresses can be specified by enclosing addresses in | |
| # square brackets . Multiple forwardings may be specified, and additional forwardings can be given on the | |
| # command line . Only the superuser can forward privileged ports . By default, the local port is bound in | |
| # accordance with the GatewayPorts setting . However, an explicit bind_address may be used to bind the | |
| # connection to a specific address . The bind_address of localhost indicates that the listening port be | |
| # bound for local use only, while an empty address or ‘*’ indicates that the port should be available from | |
| # all interfaces. | |
| # Protocol 2 | |
| Protocol 2 | |
| # | |
| # Authentication: | |
| KexAlgorithms diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256 | |
| #KexAlgorithms diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,curve25519-sha256 | |
| #KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 | |
| Ciphers aes256-gcm@openssh.com,aes256-ctr | |
| #Ciphers aes256-gcm@openssh.com,aes256-ctr,chacha20-poly1305@openssh.com | |
| MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-512,hmac-sha2-256-etm@openssh.com,hmac-sha2-256 | |
| # | |
| # Authentication EXTRA: | |
| # CASignatureAlgorithms rsa-sha2-512,rsa-sha2-256,ssh-ed25519 | |
| HostKeyAlgorithms rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-rsa-cert-v01@openssh.com | |
| #HostKeyAlgorithms rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com | |
| HostbasedKeyTypes rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-rsa-cert-v01@openssh.com | |
| #HostbasedKeyTypes rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com | |
| PubkeyAcceptedKeyTypes rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-rsa-cert-v01@openssh.com | |
| #PubkeyAcceptedKeyTypes rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com | |
| # | |
| # LogLevel INFO | |
| LogLevel INFO | |
| # Compression no | |
| Compression yes | |
| # EscapeChar ~ | |
| # Tunnel no # Request tun(4) device forwarding between the client and the server. The argument must be | |
| # "yes", "point-to-point" (layer 3), "ethernet" (layer 2), or "no" (the default). Specifying "yes" | |
| # requests the default tunnel mode, which is point-to-point. | |
| # TunnelDevice any:any # TunnelDevice : Specifies the tun(4) devices to open on the client (local_tun) | |
| # and the server (remote_tun) . The argument must be local_tun[:remote_tun] . The devices may be specified | |
| # by numerical ID or the keyword "any", which uses the next available tunnel device . If remote_tun is not | |
| # specified, it defaults to any . The default is "any:any". | |
| # PermitLocalCommand no | |
| # VisualHostKey no | |
| # ProxyCommand ssh -q -W %h:%p gateway.example.com | |
| # RekeyLimit 0 0 | |
| # RekeyLimit 1G 1h | |
| RekeyLimit 100M 1h | |
| # IPQoS lowdelay throughput | |
| SendEnv LANG LC_* | |
| # HashKnownHosts yes | |
| HashKnownHosts no | |
| # GSSAPIAuthentication yes | |
| # UseRoaming no | |
| FingerprintHash sha256 | |
| # | |
| # | |
| # | |
| # | |
| # = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = | |
| # (To change SSH Connection RULES for any remote server, | |
| # go to below/last "Host *" section) | |
| # | |
| # RULES FOR SSH-TUNNEL FROM "MB_macUsr" To "SRVR1_erik" SERVER: | |
| # | |
| Host SRVR1_erik_sshd | |
| Hostname SRVR1.IPv4.ADRS | |
| User erik | |
| Port 5022 | |
| AddKeysToAgent yes | |
| ForwardX11 no | |
| PasswordAuthentication no | |
| KbdInteractiveAuthentication no | |
| GSSAPIAuthentication no | |
| CheckHostIP yes | |
| VerifyHostKeyDNS yes | |
| AddressFamily any | |
| ServerAliveInterval 20 | |
| ServerAliveCountMax 1 | |
| TCPKeepAlive yes | |
| ConnectionAttempts 1 | |
| IdentityFile ~/.ssh/id_rsa-16kb_key_MB_macUsr_to_SRVR1_erik | |
| PubkeyAuthentication yes | |
| Protocol 2 | |
| # | |
| # Authentication: | |
| KexAlgorithms diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256 | |
| # | |
| Ciphers aes256-gcm@openssh.com,aes256-ctr | |
| # | |
| MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-512,hmac-sha2-256-etm@openssh.com,hmac-sha2-256 | |
| # | |
| # Authentication EXTRA: | |
| # CASignatureAlgorithms rsa-sha2-512,rsa-sha2-256,ssh-ed25519 | |
| HostKeyAlgorithms rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-rsa-cert-v01@openssh.com | |
| HostbasedKeyTypes rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-rsa-cert-v01@openssh.com | |
| PubkeyAcceptedKeyTypes rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-rsa-cert-v01@openssh.com | |
| # | |
| LogLevel INFO | |
| Compression yes | |
| RekeyLimit 100M 1h | |
| SendEnv LANG LC_* | |
| HashKnownHosts no | |
| FingerprintHash sha256 | |
| # | |
| # | |
| # | |
| # | |
| # = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = | |
| # (To change SSH Connection RULES for any remote server, | |
| # go to below/last "Host *" section) | |
| # | |
| # RULES FOR SSH TUNNEL FROM "MB_macUsr" To "SRVR2" SERVER: | |
| # | |
| Host SRVR2_root_sshd | |
| Hostname SRVR2.IPv4.ADRS | |
| User root | |
| Port 5022 | |
| AddKeysToAgent yes | |
| UseKeychain yes | |
| ForwardX11 no | |
| PasswordAuthentication no | |
| KbdInteractiveAuthentication no | |
| HostbasedAuthentication no | |
| GSSAPIAuthentication no | |
| CheckHostIP yes | |
| VerifyHostKeyDNS yes | |
| AddressFamily any | |
| ServerAliveInterval 20 | |
| ServerAliveCountMax 1 | |
| TCPKeepAlive yes | |
| ConnectTimeout 18 | |
| ConnectionAttempts 1 | |
| IdentityFile ~/.ssh/id_rsa-16kb_key_MB_macUsr_to_SRVR2 | |
| PubkeyAuthentication yes | |
| Protocol 2 | |
| # | |
| # Authentication: | |
| KexAlgorithms diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256 | |
| # | |
| Ciphers aes256-gcm@openssh.com,aes256-ctr | |
| # | |
| MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-512,hmac-sha2-256-etm@openssh.com,hmac-sha2-256 | |
| # | |
| # Authentication EXTRA: | |
| #CASignatureAlgorithms rsa-sha2-512,rsa-sha2-256,ssh-ed25519 | |
| HostKeyAlgorithms rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-rsa-cert-v01@openssh.com | |
| HostbasedKeyTypes rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-rsa-cert-v01@openssh.com | |
| PubkeyAcceptedKeyTypes rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-rsa-cert-v01@openssh.com | |
| # | |
| LogLevel INFO | |
| Compression yes | |
| RekeyLimit 100M 1h | |
| SendEnv LANG LC_* | |
| HashKnownHosts no | |
| FingerprintHash sha256 | |
| # | |
| # | |
| # | |
| # | |
| # = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = | |
| # (To change SSH Connection RULES for any remote server, | |
| # go to below/last "Host *" section) | |
| # | |
| # RULES FOR SSH TUNNEL FROM "MB_macUsr" To "SRVR2_erik/" SERVER: | |
| # | |
| Host SRVR2_erik_sshd | |
| Hostname SRVR2.IPv4.ADRS | |
| User erik | |
| Port 5022 | |
| AddKeysToAgent yes | |
| UseKeychain yes | |
| ForwardX11 no | |
| PasswordAuthentication no | |
| KbdInteractiveAuthentication no | |
| HostbasedAuthentication no | |
| GSSAPIAuthentication no | |
| CheckHostIP yes | |
| VerifyHostKeyDNS yes | |
| AddressFamily any | |
| ServerAliveInterval 20 | |
| ServerAliveCountMax 1 | |
| TCPKeepAlive yes | |
| ConnectTimeout 18 | |
| ConnectionAttempts 1 | |
| IdentityFile ~/.ssh/id_rsa-16kb_key_MB_macUsr_to_SRVR2_erik | |
| PubkeyAuthentication yes | |
| Protocol 2 | |
| # | |
| # Authentication: | |
| KexAlgorithms diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256 | |
| # | |
| Ciphers aes256-gcm@openssh.com,aes256-ctr | |
| # | |
| MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-512,hmac-sha2-256-etm@openssh.com,hmac-sha2-256 | |
| # | |
| # Authentication EXTRA: | |
| #CASignatureAlgorithms rsa-sha2-512,rsa-sha2-256,ssh-ed25519 | |
| HostKeyAlgorithms rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-rsa-cert-v01@openssh.com | |
| HostbasedKeyTypes rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-rsa-cert-v01@openssh.com | |
| PubkeyAcceptedKeyTypes rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-rsa-cert-v01@openssh.com | |
| # | |
| LogLevel INFO | |
| Compression yes | |
| RekeyLimit 100M 1h | |
| SendEnv LANG LC_* | |
| HashKnownHosts no | |
| FingerprintHash sha256 | |
| # | |
| # | |
| # | |
| # | |
| # = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = | |
| # (To change SSH Connection RULES for any remote server, | |
| # go to below/last "Host *" section) | |
| # | |
| # RULES FOR SSH TUNNEL FROM "MB_macUsr" To "SRVR3" SERVER: | |
| # | |
| Host SRVR3_root_sshd | |
| Hostname SRVR3.IPv4.ADRS | |
| User root | |
| Port 5022 | |
| AddKeysToAgent yes | |
| UseKeychain yes | |
| ForwardX11 no | |
| PasswordAuthentication no | |
| KbdInteractiveAuthentication no | |
| HostbasedAuthentication no | |
| GSSAPIAuthentication no | |
| CheckHostIP yes | |
| VerifyHostKeyDNS yes | |
| AddressFamily any | |
| ServerAliveInterval 20 | |
| ServerAliveCountMax 1 | |
| TCPKeepAlive yes | |
| ConnectTimeout 18 | |
| ConnectionAttempts 1 | |
| IdentityFile ~/.ssh/id_rsa-16kb_key_MB_macUsr_to_SRVR3 | |
| PubkeyAuthentication yes | |
| Protocol 2 | |
| # | |
| # Authentication: | |
| KexAlgorithms diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256 | |
| # | |
| Ciphers aes256-gcm@openssh.com,aes256-ctr | |
| # | |
| MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-512,hmac-sha2-256-etm@openssh.com,hmac-sha2-256 | |
| # | |
| # Authentication EXTRA: | |
| #CASignatureAlgorithms rsa-sha2-512,rsa-sha2-256,ssh-ed25519 | |
| HostKeyAlgorithms rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-rsa-cert-v01@openssh.com | |
| HostbasedKeyTypes rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-rsa-cert-v01@openssh.com | |
| PubkeyAcceptedKeyTypes rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-rsa-cert-v01@openssh.com | |
| # | |
| LogLevel INFO | |
| Compression yes | |
| RekeyLimit 100M 1h | |
| SendEnv LANG LC_* | |
| HashKnownHosts no | |
| FingerprintHash sha256 | |
| # | |
| # | |
| # | |
| # | |
| # = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = | |
| # (To change SSH Connection RULES for any remote server, | |
| # go to below/last "Host *" section) | |
| # | |
| # RULES FOR SSH TUNNEL FROM "MB_macUsr" To "SRVR3_erik" SERVER: | |
| # | |
| Host SRVR3_erik_sshd | |
| Hostname SRVR3.IPv4.ADRS | |
| User erik | |
| Port 5022 | |
| AddKeysToAgent yes | |
| UseKeychain yes | |
| ForwardX11 no | |
| PasswordAuthentication no | |
| KbdInteractiveAuthentication no | |
| HostbasedAuthentication no | |
| GSSAPIAuthentication no | |
| CheckHostIP yes | |
| VerifyHostKeyDNS yes | |
| AddressFamily any | |
| ServerAliveInterval 20 | |
| ServerAliveCountMax 1 | |
| TCPKeepAlive yes | |
| ConnectTimeout 18 | |
| ConnectionAttempts 1 | |
| IdentityFile ~/.ssh/id_rsa-16kb_key_MB_macUsr_to_SRVR3_erik | |
| PubkeyAuthentication yes | |
| Protocol 2 | |
| # | |
| # Authentication: | |
| KexAlgorithms diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256 | |
| # | |
| Ciphers aes256-gcm@openssh.com,aes256-ctr | |
| # | |
| MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-512,hmac-sha2-256-etm@openssh.com,hmac-sha2-256 | |
| # | |
| # Authentication EXTRA: | |
| #CASignatureAlgorithms rsa-sha2-512,rsa-sha2-256,ssh-ed25519 | |
| HostKeyAlgorithms rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-rsa-cert-v01@openssh.com | |
| HostbasedKeyTypes rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-rsa-cert-v01@openssh.com | |
| PubkeyAcceptedKeyTypes rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-rsa-cert-v01@openssh.com | |
| # | |
| LogLevel INFO | |
| Compression yes | |
| RekeyLimit 100M 1h | |
| SendEnv LANG LC_* | |
| HashKnownHosts no | |
| FingerprintHash sha256 | |
| # | |
| # | |
| # | |
| # | |
| # = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = | |
| # | |
| # RULES FOR SSH TUNNEL TO ANY * HOST, WHICH ARE NOT SPECIFIED ABOVE: | |
| # | |
| Host * | |
| # Remember SSH-Keys for specific server, by adding into SSH-keyring: | |
| AddKeysToAgent yes | |
| # User have to enter passphrase each time on new conneciton, if below is not-"yes": | |
| # UseKeychain yes | |
| # ForwardAgent no | |
| ForwardX11 no | |
| # ForwardX11Trusted yes | |
| # PreferredAuthentications : Specifies the order in which the client should try authentication methods. | |
| # This allows a client to prefer one method (e.g. keyboard-interactive) over another method (e.g. | |
| # password). The default is : gssapi-with-mic,hostbased,publickey,keyboard-interactive,password | |
| # PasswordAuthentication yes | |
| PasswordAuthentication yes | |
| KbdInteractiveAuthentication yes | |
| # RhostsRSAAuthentication no | |
| # RSAAuthentication yes | |
| # RSAAuthentication yes | |
| # HostbasedAuthentication no | |
| HostbasedAuthentication no | |
| # NoHostAuthenticationForLocalhost no | |
| # GSSAPIAuthentication no | |
| GSSAPIAuthentication no | |
| # GSSAPIDelegateCredentials no | |
| # GSSAPIKeyExchange no | |
| # GSSAPITrustDNS no | |
| # BatchMode no | |
| # CheckHostIP yes | |
| CheckHostIP yes | |
| # VerifyHostKeyDNS : Specifies whether to verify the remote key using DNS and SSHFP resource records. If | |
| # this option is set to "yes", the client will implicitly trust keys that match a secure fingerprint from | |
| # DNS. Insecure fingerprints will be handled as if this option was set to "ask" . If this option is set | |
| # to "ask", information on fingerprint match will be displayed, but the user will still need to confirm | |
| # new host keys according to the "StrictHostKeyChecking" option . The default is "no". | |
| # VerifyHostKeyDNS false | |
| VerifyHostKeyDNS ask | |
| # AddressFamily any | |
| AddressFamily any | |
| # ServerAliveInterval 0 | |
| ServerAliveInterval 20 | |
| # ServerAliveCountMax 3 | |
| ServerAliveCountMax 1 | |
| # TCPKeepAlive yes | |
| TCPKeepAlive yes | |
| # ConnectTimeout number (it uses the default system TCP timeout in ssh-server) | |
| ConnectTimeout 30 | |
| # ConnectionAttempts 1 | |
| ConnectionAttempts 1 | |
| # List of PRIVATE KEYS/FILES (DO NOT SHARE / NEVER SHARE / SECRET KEY) | |
| # Each has another file which ends with .pub , and this is PUB KEY (Public-Key) | |
| # Pub Key can be SHARED ONLY WITH your TRUSTED SERVER/COMPUTER/PERSON | |
| # IdentityFile ~/.ssh/identity | |
| # IdentityFile ~/.ssh/id_rsa | |
| IdentityFile ~/.ssh/id_rsa-16kb_key_MB_macUsr | |
| IdentityFile ~/.ssh/id_rsa-8kb_key_MB_macUsr | |
| # IdentityFile ~/.ssh/id_dsa | |
| # IdentityFile ~/.ssh/id_ecdsa | |
| # IdentityFile ~/.ssh/id_ed25519 | |
| # IdentityFile ~/.ssh/id_ed25519_key_MB_macUsr | |
| # globalknownhostsfile /etc/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts2 | |
| # userknownhostsfile ~/.ssh/known_hosts ~/.ssh/known_hosts2 | |
| # PubkeyAuthentication yes | |
| PubkeyAuthentication yes | |
| # Port 22 | |
| # BindAddress : Use the specified address on the local machine as the source address of the connection. | |
| # Only useful on systems with more than one address. | |
| # BindInterface : Use the address of the specified interface on the local machine as the source address of | |
| # the connection. | |
| # LocalForward : Specifies that a TCP port on the local machine be forwarded over the secure channel to | |
| # the specified host and port from the remote machine . The first argument must be [bind_address:]port and | |
| # the second argument must be host:hostport . IPv6 addresses can be specified by enclosing addresses in | |
| # square brackets . Multiple forwardings may be specified, and additional forwardings can be given on the | |
| # command line . Only the superuser can forward privileged ports . By default, the local port is bound in | |
| # accordance with the GatewayPorts setting . However, an explicit bind_address may be used to bind the | |
| # connection to a specific address . The bind_address of localhost indicates that the listening port be | |
| # bound for local use only, while an empty address or ‘*’ indicates that the port should be available from | |
| # all interfaces. | |
| Protocol 2 | |
| # | |
| # Authentication: | |
| KexAlgorithms diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256 | |
| #KexAlgorithms diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,curve25519-sha256 | |
| #KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 | |
| Ciphers aes256-gcm@openssh.com,aes256-ctr | |
| #Ciphers aes256-gcm@openssh.com,aes256-ctr,chacha20-poly1305@openssh.com | |
| #Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr | |
| #Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr | |
| MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-512,hmac-sha2-256-etm@openssh.com,hmac-sha2-256 | |
| #MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256 | |
| #MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com | |
| # | |
| # Authentication EXTRA: | |
| # the "+" adds+enables new , the "-" removes the item-support | |
| #CASignatureAlgorithms rsa-sha2-512,rsa-sha2-256,ssh-ed25519 | |
| HostKeyAlgorithms rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-rsa-cert-v01@openssh.com | |
| #HostKeyAlgorithms rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com | |
| #HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256 | |
| HostbasedKeyTypes rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-rsa-cert-v01@openssh.com | |
| #HostbasedKeyTypes rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com | |
| #HostbasedKeyTypes ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256 | |
| PubkeyAcceptedKeyTypes rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-rsa-cert-v01@openssh.com | |
| #PubkeyAcceptedKeyTypes rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com | |
| #PubkeyAcceptedKeyTypes ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256 | |
| # | |
| # LogLevel INFO | |
| LogLevel INFO | |
| # Compression no | |
| Compression yes | |
| # EscapeChar ~ | |
| # Tunnel no # Request tun(4) device forwarding between the client and the server. The argument must be | |
| # "yes", "point-to-point" (layer 3), "ethernet" (layer 2), or "no" (the default). Specifying "yes" | |
| # requests the default tunnel mode, which is point-to-point. | |
| # TunnelDevice any:any # TunnelDevice : Specifies the tun(4) devices to open on the client (local_tun) | |
| # and the server (remote_tun) . The argument must be local_tun[:remote_tun] . The devices may be specified | |
| # by numerical ID or the keyword "any", which uses the next available tunnel device . If remote_tun is not | |
| # specified, it defaults to any . The default is "any:any". | |
| # PermitLocalCommand no | |
| # VisualHostKey no | |
| # ProxyCommand ssh -q -W %h:%p gateway.example.com | |
| # RekeyLimit 0 0 | |
| # RekeyLimit 1G 1h | |
| RekeyLimit 100M 1h | |
| # IPQoS lowdelay throughput | |
| SendEnv LANG LC_* | |
| HashKnownHosts no | |
| # GSSAPIAuthentication yes | |
| # UseRoaming no | |
| FingerprintHash sha256 | |
| # |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment