-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsshconfig
103 lines (89 loc) · 3.4 KB
/
sshconfig
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
# vim: ft=sshconfig
HashKnownHosts yes
Include config.d/*
# -- github-keygen - begin --
# Version: 1.306
Host gist.github.com *.gist.github.com
HostName gist.github.com
# See https://docs.github.com/en/authentication/troubleshooting-ssh/using-ssh-over-the-https-port
Host ssh.github.com *.ssh.github.com 443.github.com *.443.github.com
HostName ssh.github.com
Port 443
# This rule must stay below more specific host rules to avoid
# "HostName" to be set to github.com
Host *.github.com
HostName github.com
Host github.com gist.github.com ssh.github.com 443.github.com *.github.com *.gist.github.com *.ssh.github.com *.443.github.com
User git
# Known options which are available only in some OpenSSH versions
IgnoreUnknown Protocol,UseRoaming,UseKeychain
# Force SSH2
##Protocol 2
# Enforce host checks
StrictHostKeyChecking yes
UserKnownHostsFile ~/.ssh/github/known_hosts_github
# Hosts added later (identified by IP) will be hashed
HashKnownHosts yes
# GitHub has not yet (2011-05) implemented SSHFP (RFC 4255)
VerifyHostKeyDNS no
# Enable only the required authentication
PubkeyAuthentication yes
PreferredAuthentications publickey
# Select algorithms recommended by Stribika
# See https://stribika.github.io/2015/01/04/secure-secure-shell.html
# Last in each list is the minimum supported by GitHub
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512
# Disallow server key using SHA-1
# https://www.openssh.com/txt/release-8.2
HostKeyAlgorithms -ssh-rsa
# Trust no one, especially the remote
ForwardAgent no
ForwardX11 no
PermitLocalCommand no
##UseRoaming no
# Connexion sharing for 60 seconds, for speedup
ControlMaster auto
ControlPath ${USER_SSH}/github/%r@%h-%p
ControlPersist 60s
Host personal.github.com personal.gist.github.com personal.ssh.github.com personal.443.github.com
User git
IdentitiesOnly yes
IdentityFile ~/.ssh/github/id_edjojob@github
Host work.github.com work.gist.github.com work.ssh.github.com work.443.github.com
User git
IdentitiesOnly yes
IdentityFile ~/.ssh/github/id_work@github
Host test.github.com test.gist.github.com test.ssh.github.com test.443.github.com
User git
IdentitiesOnly yes
IdentityFile ~/.ssh/github/id_edjojob-test@github
# -- github-keygen - end --
Host bitbucket.org bitbucket.com
ControlMaster no
Host uptermd.upterm.dev
IdentitiesOnly yes
ControlMaster no
ControlPath none
Host *.tmate.io
IdentitiesOnly yes
ControlMaster no
Host serial-console.ec2-instance-connect.*.aws
ControlMaster no
ControlPath none
KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
Host *
IdentitiesOnly yes
AddKeysToAgent yes
ControlMaster auto
ControlPath ${USER_SSH}/%r@%h-%p
ControlPersist 3600
NoHostAuthenticationForLocalhost yes
ServerAliveInterval 60
ConnectTimeout 30
# security from https://cipherli.st
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
ForwardAgent no