Be clearer about security-sensitive ssh settings.

Fixes #8
Fixes #11
Fixes #16
Joshua Levy 2015-06-15 19:32:03 -07:00
parent bc7a032d5a
commit 6b3a67a32b

@ -101,16 +101,16 @@ Scope:
- In ssh, knowing how to port tunnel with `-L` or `-D` (and occasionally `-R`) is useful, e.g. to access web sites from a remote server. - In ssh, knowing how to port tunnel with `-L` or `-D` (and occasionally `-R`) is useful, e.g. to access web sites from a remote server.
- It can be useful to make a few optimizations to your ssh configuration; for example, this `~/.ssh/config` contains settings to avoid dropped connections in certain network environments, not require confirmation connecting to new hosts, forward authentication, and use compression (which is helpful with scp over low-bandwidth connections): - It can be useful to make a few optimizations to your ssh configuration; for example, this `~/.ssh/config` contains settings to avoid dropped connections in certain network environments, and use compression (which is helpful with scp over low-bandwidth connections):
``` ```
TCPKeepAlive=yes TCPKeepAlive=yes
ServerAliveInterval=15 ServerAliveInterval=15
ServerAliveCountMax=6 ServerAliveCountMax=6
StrictHostKeyChecking=no
Compression=yes Compression=yes
ForwardAgent=yes
``` ```
- A few other options relevant to ssh are security sensitive and should be enabled with care, e.g. per subnet or host or in trusted networks: `StrictHostKeyChecking=no`, `ForwardAgent=yes`
- To get the permissions on a file in octal form, which is useful for system configuration but not available in `ls` and easy to bungle, use something like - To get the permissions on a file in octal form, which is useful for system configuration but not available in `ls` and easy to bungle, use something like
``` ```
stat -c '%A %a %n' /etc/timezone stat -c '%A %a %n' /etc/timezone
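Review bot: The new bullet naming `StrictHostKeyChecking=no` and `ForwardAgent=yes` says they are security sensitive but never says why, and "per subnet or host" tells the reader what to do without saying how. Suggest adding a short clause for each risk: accepting new hosts without confirmation means a man-in-the-middle on a first connection goes unnoticed, and agent forwarding lets a privileged user on the remote host use your forwarded keys while you are connected. Also mention that both can be limited to specific hosts with a `Host` block in `~/.ssh/config` instead of being set globally. Minor style point: the bullet ends without a period, unlike the `-L`/`-D` item above it.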