My /etc/ssh/sshd_config.d/local.conf (bas
# Example ~/.ssh/config
#
# ssh(1) uses the first value it obtains for each keyword, so the
# host-specific block has to stay above "Host *".
# Check the effective result for a given host with: ssh -G <host>

# Alias meant for sshfs mounts, e.g.:
#   sshfs -o rw,reconnect,auto_unmount,noatime,idmap=user,allow_root _sshfs.syra.dlitz.net:~/ ~/mnt/syra
Host _sshfs.syra.dlitz.net
    # Connect to the real host and look its key up under the real name,
    # so the alias shares the known_hosts entry instead of needing its own.
    HostKeyAlias syra.dlitz.net
    HostName syra.dlitz.net
    ProxyCommand none
    # "none" disables connection sharing for this host, so the mount does
    # not ride on (or hold open) the multiplexed master configured below.
    ControlPath none
    # 2 missed replies x 5 s: an unresponsive server is dropped after
    # roughly 10 seconds. These win over the 24 s interval under "Host *".
    ServerAliveCountMax 2
    ServerAliveInterval 5

Host *
    # Ask for confirmation before a key is added to the agent.
    AddKeysToAgent ask
    # NOTE(review): CanonicalDomains/CanonicalizeMaxDots only take effect
    # when CanonicalizeHostname is enabled; it is not set in this file, so
    # confirm it is enabled elsewhere (e.g. /etc/ssh/ssh_config).
    CanonicalDomains dlitz.net lan
    CanonicalizeMaxDots 0
    CheckHostIP no
    # A leading "-" removes the listed patterns from the default cipher set
    # rather than replacing it; the remaining defaults stay available.
    Ciphers -aes128-*,aes192-*
    Compression no
    ControlMaster auto
    # The socket directory must exist first. Anything that can open a
    # control socket can start sessions on the already-authenticated
    # connection, so keep it private: mkdir -m 700 ~/.ssh/cm_socket
    #ControlPath ~/.ssh/cm_socket/%r@%h:%p
    # %C is a hash of the connection parameters: short socket names that do
    # not spell out user and host.
    ControlPath ~/.ssh/cm_socket/%C
    # The master stays in the background for 300 s after the last session
    # closes; for that window no new authentication is needed to reconnect.
    ControlPersist 300
    # Use the new OpenSSH QoS defaults (disabled in Debian by default
    # because of vmware issues I guess?)
    IPQoS lowdelay throughput
    # Post-quantum crypto by default, if supported. "^" moves the algorithm
    # to the head of the default list; the rest of the list is kept, so
    # servers without it still negotiate a classical key exchange.
    KexAlgorithms ^sntrup761x25519-sha512@openssh.com
    # Only reaches the remote session if the server lists these names in
    # AcceptEnv.
    SendEnv COLORFGBG COLORTERM EDITOR VISUAL
    # A 24-second ServerAliveInterval helps maintain connections over
    # broken OpenWrt NAT
    ServerAliveInterval 24
    # NOTE(review): OpenSSH appears to switch UpdateHostKeys=ask off when
    # ControlPersist is in use -- check "ssh -v" output to see whether it
    # is actually active with this configuration.
    UpdateHostKeys ask
    UserKnownHostsFile ~/.ssh/known_hosts ~/.ssh/known_hosts.dotfiles
    # SSHFP records are looked up, but the fingerprint still has to be
    # confirmed by hand; a DNS answer alone never accepts a host key.
    VerifyHostKeyDNS ask
    #VisualHostKey yes
# Example /etc/ssh/sshd_config.d/local.conf
#
# sshd uses the first value it obtains for most keywords, so this drop-in
# only overrides the main file if the Include line in /etc/ssh/sshd_config
# comes before the settings there -- TODO confirm on the target system.
# Validate before reloading:      sshd -t
# Inspect the effective settings: sshd -T

# Disable all host-key algorithms except ed25519.
# Naming a HostKey replaces the built-in default key list. HostKey lines in
# the main sshd_config or in other drop-ins are additive, so make sure none
# are active there. Clients that pinned a different key type for this
# server will see a changed-key warning on their next connection.
HostKey /etc/ssh/ssh_host_ed25519_key

# Public-key authentication only.
# AuthenticationMethods is the actual gate; the two "no" lines below also
# switch the other mechanisms off in case that line is ever removed.
AuthenticationMethods publickey
PasswordAuthentication no
# Deprecated alias of KbdInteractiveAuthentication in newer OpenSSH
# releases; still accepted.
ChallengeResponseAuthentication no

# Accept some extra environment variables. You still need to use SendEnv on
# the client.
# sshd_config(5) warns that accepted variables can be used to get around
# restricted user environments. EDITOR and VISUAL decide which program some
# tools launch, so review this list if any account on the host relies on a
# forced command or a restricted shell.
AcceptEnv LANG LC_* COLORFGBG COLORTERM EDITOR VISUAL