mirror of
https://github.com/xmengnet/the-art-of-command-line.git
synced 2024-12-25 00:56:29 +08:00
Be clearer about security-sensitive ssh settings.
Fixes #8 Fixes #11 Fixes #16
This commit is contained in:
parent
bc7a032d5a
commit
6b3a67a32b
1 changed files with 3 additions and 3 deletions
|
@ -101,16 +101,16 @@ Scope:
|
||||||
|
|
||||||
- In ssh, knowing how to port tunnel with `-L` or `-D` (and occasionally `-R`) is useful, e.g. to access web sites from a remote server.
|
- In ssh, knowing how to port tunnel with `-L` or `-D` (and occasionally `-R`) is useful, e.g. to access web sites from a remote server.
|
||||||
|
|
||||||
- It can be useful to make a few optimizations to your ssh configuration; for example, this `~/.ssh/config` contains settings to avoid dropped connections in certain network environments, not require confirmation connecting to new hosts, forward authentication, and use compression (which is helpful with scp over low-bandwidth connections):
|
- It can be useful to make a few optimizations to your ssh configuration; for example, this `~/.ssh/config` contains settings to avoid dropped connections in certain network environments, and use compression (which is helpful with scp over low-bandwidth connections):
|
||||||
```
|
```
|
||||||
TCPKeepAlive=yes
|
TCPKeepAlive=yes
|
||||||
ServerAliveInterval=15
|
ServerAliveInterval=15
|
||||||
ServerAliveCountMax=6
|
ServerAliveCountMax=6
|
||||||
StrictHostKeyChecking=no
|
|
||||||
Compression=yes
|
Compression=yes
|
||||||
ForwardAgent=yes
|
|
||||||
```
|
```
|
||||||
|
|
||||||
|
- A few other options relevant to ssh are security sensitive and should be enabled with care, e.g. per subnet or host or in trusted networks: `StrictHostKeyChecking=no`, `ForwardAgent=yes`
|
||||||
|
|
||||||
- To get the permissions on a file in octal form, which is useful for system configuration but not available in `ls` and easy to bungle, use something like
|
- To get the permissions on a file in octal form, which is useful for system configuration but not available in `ls` and easy to bungle, use something like
|
||||||
```
|
```
|
||||||
stat -c '%A %a %n' /etc/timezone
|
stat -c '%A %a %n' /etc/timezone
|
||||||
|
|
Loading…
Reference in a new issue