-
-
Save jimklimov/1373f4b21feaa582374d425ed4fd50a9 to your computer and use it in GitHub Desktop.
~/.ssh/config behind firewall (ssh via HTTP proxy) and faster session creation by reusing already established connection
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # User ssh configuration file ~/.ssh/config | |
| # Gist https://gist.github.com/terrywang/3997931 | |
| # man ssh_config for more information | |
| # Inspired by the blog post below to fight the NSA | |
| # https://stribika.github.io/2015/01/04/secure-secure-shell.html | |
| # Outside of the firewall, with HTTPS proxy | |
| # Package connect-proxy is required. | |
| # Amazon EC2 | |
| Host *.compute.amazonaws.com | |
| ProxyCommand connect -H proxy.company.com:80 %h %p | |
| ServerAliveInterval 30 | |
| # cloud.terry.im | |
| Host cloud.terry.im | |
| ProxyCommand connect -H proxy.company.com:80 %h %p | |
| ServerAliveInterval 30 | |
| # Digital Ocean | |
| Host 192.241.*.* | |
| ProxyCommand connect -H proxy.company.com:80 %h %p | |
| ServerAliveInterval 30 | |
| # Inside the firewall (do not use proxy) | |
| Host * | |
| ProxyCommand connect %h %p | |
| Host * | |
| # key exchange algorithms | |
| KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 | |
| # client authenticaiton | |
| # PasswordAuthentication no | |
| ChallengeResponseAuthentication no | |
| PubkeyAuthentication yes | |
| # host key algorithms the client wants to use in order of preference | |
| HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa | |
| # symmetric ciphers in order of preference | |
| Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr | |
| # Message Authentication Code algorithms in order of preference for data integrity protection | |
| MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com | |
| ServerAliveInterval 30 | |
| # Speed up SSH session creation | |
| # by sharing multiple sessions over a single network connection | |
| # reuse already established TCP connection | |
| # ControlMaster auto | |
| # ControlPath ~/.ssh/sockets/%r@%h-%p | |
| # ControlPersist 600 | |
| # Disable roaming explicitly anyway for good | |
| # UseRoaming no # Disable as it is by default off | |
| VisualHostKey yes | |
| # Ensure KnownHosts are unreadable if leaked | |
| # otherwise it is easier to know which hosts your keys have access to | |
| # HashKnownHosts yes | |
| # macOS Sierra - add passphrases to keychain | |
| UseKeychain yes | |
| # Load keys into ssh-agent | |
| AddKeysToAgent yes |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment