thurstylark
/
tlwiki-wikijs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

docs: update dotfiles/ssh

This commit is contained in:
David Thurstenson 2024-03-08 01:57:21 +00:00 committed by David Thurstenson
parent e2efea48a1
commit d459b5fded
1 changed files with 26 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
dotfiles/ssh.md
View File

@ -1,13 +1,13 @@
--- ---
title: "OpenSSH" title: OpenSSH
description: "Creature comfort configs for SSH" description: Creature comfort configs for SSH
author: "Thurstylark" published: true
date: 2021-9-25 date: 2024-03-08T01:57:19.739Z
draft: false tags:
editor: markdown
dateCreated: 2024-03-07T23:21:49.285Z
--- ---
## User-Specific Client Config ## User-Specific Client Config
Most directives that can be set in the system-wide client configuration can be set by each user in `~/.ssh/config`. This snippit contains a collection of my most used options: Most directives that can be set in the system-wide client configuration can be set by each user in `~/.ssh/config`. This snippit contains a collection of my most used options:
@ -37,9 +37,9 @@ Host foo # Arbitrary String. Use this definition by running `ssh foo`
### Directive Notes ### Directive Notes
- `Host` - `Host`
- Can also refer to an actual hostname. See "Host-Specific Keys" below. - Can also refer to an actual hostname. See [Host-Specific Keys](#host-specific-keys) below.
- `ServerAliveInterval` and `ServerAliveCountMax` - `ServerAliveInterval` and `ServerAliveCountMax`
- It's common for a firewall to cause problems keeping connections open, so tweaking these settings can help. See "Broken Pipe Remedy" below. - It's common for a firewall to cause problems keeping connections open, so tweaking these settings can help. See [Broken Pipe Remedy](#broken-pipe-remedy) below.
- `HostKeyAlgorithms` - `HostKeyAlgorithms`
- ssh-dss is less secure than the alternatives/defaults. Only use this if necessary. - ssh-dss is less secure than the alternatives/defaults. Only use this if necessary.
- `KexAlgorithms` - `KexAlgorithms`
@ -69,4 +69,4 @@ The `ServerAliveInterval` option sends a keepalive packet if no data has been re
Additionally, the `ServerAliveCountMax` option specifies the number of keepalive packets that may be sent without a response before ssh terminates the connection. By default this is set to `3`, but if your connection is unreliable, you can set this higher to give your server a better chance at responding the next time a keepalive packet is sent. Additionally, the `ServerAliveCountMax` option specifies the number of keepalive packets that may be sent without a response before ssh terminates the connection. By default this is set to `3`, but if your connection is unreliable, you can set this higher to give your server a better chance at responding the next time a keepalive packet is sent.
It is important to note that messages sent by the `TTYKeepAlive` option are not sent through the encrypted channel and can be spoofed, but the "server alive" messages are sent through the encrypted channel and cannot be spoofed. Do not use `TTYKeepAlive` messages for determining the quality or security of a connection! See `ssh-config(5)` for more info. It is important to note that messages sent by the `TTYKeepAlive` option are not sent through the encrypted channel and can be spoofed, but the "server alive" messages are sent through the encrypted channel and cannot be spoofed. Do not use `TTYKeepAlive` messages for determining the quality or security of a connection! See `ssh-config(5)` for more info.