terrywang/config

## config
# User ssh configuration file ~/.ssh/config
# Gist https://gist.github.com/terrywang/3997931
# man ssh_config for more information
# Inspired by the blog post below to fight the NSA
# https://stribika.github.io/2015/01/04/secure-secure-shell.html

# Github needs diffie-hellman-group-exchange-sha1 some of the time but not always
# Host github.com
#     KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1

Host *
    # key exchange algorithms
    KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
    # client authenticaiton
    # PasswordAuthentication no
    ChallengeResponseAuthentication no
    PubkeyAuthentication yes
    # host key algorithms the client wants to use in order of preference
    HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa
    # symmetric ciphers in order of preference
    Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
    # Message Authentication Code algorithms in order of preference for data integrity protection
    MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
    # hmac-ripemd160 MAC removed as OpenSSH 7.6 deprecated it
    ServerAliveInterval 30
    # Speed up SSH session creation
    # by sharing multiple sessions over a single network connection
    # reuse already established TCP connection
    # ControlMaster auto
    # ControlPath ~/.ssh/sockets/%r@%h-%p
    # ControlPersist 600
    # Disable roaming explicitly anyway for good
    # UseRoaming no # Disabled after upgrading to macOS Sierra
    VisualHostKey yes
    # Ensure KnownHosts are unreadable if leaked
    # otherwise it is easier to know which hosts your keys have access to
    # HashKnownHosts yes
    # macOS Sierra - add passphrases to keychain
    UseKeychain yes
    # Load keys into ssh-agent
    AddKeysToAgent yes
	# User ssh configuration file ~/.ssh/config
	# Gist https://gist.github.com/terrywang/3997931
	# man ssh_config for more information
	# Inspired by the blog post below to fight the NSA
	# https://stribika.github.io/2015/01/04/secure-secure-shell.html

	# Github needs diffie-hellman-group-exchange-sha1 some of the time but not always
	# Host github.com
	# KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1

	Host *
	# key exchange algorithms
	KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
	# client authenticaiton
	# PasswordAuthentication no
	ChallengeResponseAuthentication no
	PubkeyAuthentication yes
	# host key algorithms the client wants to use in order of preference
	HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa
	# symmetric ciphers in order of preference
	Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
	# Message Authentication Code algorithms in order of preference for data integrity protection
	MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
	# hmac-ripemd160 MAC removed as OpenSSH 7.6 deprecated it
	ServerAliveInterval 30
	# Speed up SSH session creation
	# by sharing multiple sessions over a single network connection
	# reuse already established TCP connection
	# ControlMaster auto
	# ControlPath ~/.ssh/sockets/%r@%h-%p
	# ControlPersist 600
	# Disable roaming explicitly anyway for good
	# UseRoaming no # Disabled after upgrading to macOS Sierra
	VisualHostKey yes
	# Ensure KnownHosts are unreadable if leaked
	# otherwise it is easier to know which hosts your keys have access to
	# HashKnownHosts yes
	# macOS Sierra - add passphrases to keychain
	UseKeychain yes
	# Load keys into ssh-agent
	AddKeysToAgent yes