@dlitz
Created June 18, 2023 11:43
My /etc/ssh/sshd_config.d/local.conf (bas
# Example ~/.ssh/config
# Used with something like:
# sshfs -o rw,reconnect,auto_unmount,noatime,idmap=user,allow_root _sshfs.syra.dlitz.net:~/ ~/mnt/syra
Host _sshfs.syra.dlitz.net
HostKeyAlias syra.dlitz.net
HostName syra.dlitz.net
ProxyCommand none
ControlPath none
ServerAliveCountMax 2
ServerAliveInterval 5
Host *
AddKeysToAgent ask
CanonicalDomains dlitz.net lan
CanonicalizeMaxDots 0
CheckHostIP no
Ciphers -aes128-*,aes192-*
Compression no
ControlMaster auto
# You need to mkdir ~/.ssh/cm_socket for this to work:
#ControlPath ~/.ssh/cm_socket/%r@%h:%p
ControlPath ~/.ssh/cm_socket/%C
ControlPersist 300
# Use the new OpenSSH QoS defaults (disabled in Debian by default because of vmware issues I guess?)
IPQoS lowdelay throughput
# Post-quantum crypto by default, if supported.
KexAlgorithms ^sntrup761x25519-sha512@openssh.com
SendEnv COLORFGBG COLORTERM EDITOR VISUAL
# A 24-second ServerAliveInterval helps maintain connections over broken OpenWrt NAT
ServerAliveInterval 24
UpdateHostKeys ask
UserKnownHostsFile ~/.ssh/known_hosts ~/.ssh/known_hosts.dotfiles
VerifyHostKeyDNS ask
#VisualHostKey yes

# Example /etc/ssh/sshd_config.d/local.conf
# Disable all host-key algorithms except ed25519
HostKey /etc/ssh/ssh_host_ed25519_key
# Public-key authentication only
AuthenticationMethods publickey
PasswordAuthentication no
ChallengeResponseAuthentication no
# Accept some extra environment variables. You still need to use SendEnv on the client.
AcceptEnv LANG LC_* COLORFGBG COLORTERM EDITOR VISUAL
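
The ~/.ssh/config above depends on ssh_config's rule that the first value obtained for a keyword wins, which is why the `_sshfs.syra.dlitz.net` block has to come before `Host *`. The following is an added example, not part of the gist and not OpenSSH's code: a simplified model of that lookup, run over a constructed excerpt of the config, that also shows what happens when the blocks are swapped. It assumes whitespace-separated `keyword value` lines and `Host` patterns only (no `Match`, `Include` or accumulating keywords); `ssh -G <host>` prints the real effective values.

```python
from fnmatch import fnmatchcase

# Constructed excerpt of the page's ~/.ssh/config: the keywords that are set
# both in the host-specific block and in the "Host *" block.
SAMPLE = """\
Host _sshfs.syra.dlitz.net
HostName syra.dlitz.net
ControlPath none
ServerAliveCountMax 2
ServerAliveInterval 5
Host *
ControlMaster auto
ControlPath ~/.ssh/cm_socket/%C
ServerAliveInterval 24
"""

def host_matches(patterns, host):
    """Host line: at least one positive pattern matches and no negated one does."""
    positive = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatchcase(host, pat[1:]):
                return False
        elif fnmatchcase(host, pat):
            positive = True
    return positive

def effective(config_text, host):
    """Resolve options for host; the first value obtained for a keyword wins."""
    result, active = {}, True  # lines before any Host line apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "host":
            active = host_matches(value.split(), host)
        elif active:
            result.setdefault(key, value)  # later duplicates are ignored
    return result

def swap_blocks(config_text):
    """Move the 'Host *' block to the top: the ordering mistake to avoid."""
    head, _, tail = config_text.partition("Host *\n")
    return "Host *\n" + tail + head
```

With the blocks swapped, the sshfs alias silently picks up the shared `ControlPath` and the 24-second keepalive from `Host *`, so the host-specific overrides never take effect.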