xmengnet/the-art-of-command-line
1
0
Fork 0
mirror of https://github.com/xmengnet/the-art-of-command-line.git synced 2024-12-24 04:16:29 +08:00
Code Issues Projects Releases Packages Wiki Activity

Be clearer about security-sensitive ssh settings.

Browse source 
Fixes #8
Fixes #11
Fixes #16
This commit is contained in:
Joshua Levy 2015-06-15 19:32:03 -07:00
parent bc7a032d5a
commit 6b3a67a32b
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
README.md
View file

@ -101,16 +101,16 @@ Scope:
- In ssh, knowing how to port tunnel with `-L` or `-D` (and occasionally `-R`) is useful, e.g. to access web sites from a remote server.
- It can be useful to make a few optimizations to your ssh configuration; for example, this `~/.ssh/config` contains settings to avoid dropped connections in certain network environments, not require confirmation connecting to new hosts, forward authentication, and use compression (which is helpful with scp over low-bandwidth connections):
- It can be useful to make a few optimizations to your ssh configuration; for example, this `~/.ssh/config` contains settings to avoid dropped connections in certain network environments, and use compression (which is helpful with scp over low-bandwidth connections):
```
TCPKeepAlive=yes
ServerAliveInterval=15
ServerAliveCountMax=6
StrictHostKeyChecking=no
Compression=yes
ForwardAgent=yes
```
- A few other options relevant to ssh are security sensitive and should be enabled with care, e.g. per subnet or host or in trusted networks: `StrictHostKeyChecking=no`, `ForwardAgent=yes`
- To get the permissions on a file in octal form, which is useful for system configuration but not available in `ls` and easy to bungle, use something like
```
stat -c '%A %a %n' /etc/timezone