From 6b3a67a32b5c566fc7f9d096861feccc515c12e5 Mon Sep 17 00:00:00 2001 From: Joshua Levy Date: Mon, 15 Jun 2015 19:32:03 -0700 Subject: [PATCH] Be clearer about security-sensitive ssh settings. Fixes #8 Fixes #11 Fixes #16 --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index db9d707..de687d0 100644 --- a/README.md +++ b/README.md @@ -101,16 +101,16 @@ Scope: - In ssh, knowing how to port tunnel with `-L` or `-D` (and occasionally `-R`) is useful, e.g. to access web sites from a remote server. -- It can be useful to make a few optimizations to your ssh configuration; for example, this `~/.ssh/config` contains settings to avoid dropped connections in certain network environments, not require confirmation connecting to new hosts, forward authentication, and use compression (which is helpful with scp over low-bandwidth connections): +- It can be useful to make a few optimizations to your ssh configuration; for example, this `~/.ssh/config` contains settings to avoid dropped connections in certain network environments, and use compression (which is helpful with scp over low-bandwidth connections): ``` TCPKeepAlive=yes ServerAliveInterval=15 ServerAliveCountMax=6 - StrictHostKeyChecking=no Compression=yes - ForwardAgent=yes ``` +- A few other options relevant to ssh are security sensitive and should be enabled with care, e.g. per subnet or host or in trusted networks: `StrictHostKeyChecking=no`, `ForwardAgent=yes` + - To get the permissions on a file in octal form, which is useful for system configuration but not available in `ls` and easy to bungle, use something like ``` stat -c '%A %a %n' /etc/timezone
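Review bot: The added bullet at the end of the hunk calls `StrictHostKeyChecking=no` and `ForwardAgent=yes` security sensitive but never says what the risk is, so a reader has no basis for judging when "with care" is satisfied. Suggest a short clause per option: `StrictHostKeyChecking=no` adds keys of previously unseen hosts without prompting, which removes the check that would expose a man-in-the-middle on first connection, and `ForwardAgent=yes` lets anyone with sufficient privileges on the remote host use the forwarded agent to authenticate as you while the session is open. The phrase "per subnet or host" would also be more actionable if it said these belong under a `Host` pattern in `~/.ssh/config` rather than at the top level next to the keepalive settings. Minor style points: the rewritten first bullet keeps a comma before "and use compression" that no longer fits a two-item list, and the new bullet has no trailing period.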