docs: update dotfiles/ssh

David Thurstenson 2024-03-08 01:57:21 +00:00 committed by David Thurstenson
parent e2efea48a1
commit d459b5fded
1 changed files with 26 additions and 26 deletions

@ -1,13 +1,13 @@
---
title: "OpenSSH"
description: "Creature comfort configs for SSH"
author: "Thurstylark"
date: 2021-9-25
draft: false
title: OpenSSH
description: Creature comfort configs for SSH
published: true
date: 2024-03-08T01:57:19.739Z
tags:
editor: markdown
dateCreated: 2024-03-07T23:21:49.285Z
---
## User-Specific Client Config
Most directives that can be set in the system-wide client configuration can be set by each user in `~/.ssh/config`. This snippit contains a collection of my most used options:
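Review bot: In the front matter, `dateCreated: 2024-03-07T23:21:49.285Z` sits where the page previously carried `date: 2021-9-25`, so the original 2021 date no longer appears anywhere, and the `author` field has no counterpart among the new keys. If the new schema allows it, carry the 2021 date into `dateCreated`, and either fill in the empty `tags:` key or drop it. While this file is being touched, "snippit" in the context line under "User-Specific Client Config" should read "snippet".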
@ -37,9 +37,9 @@ Host foo # Arbitrary String. Use this definition by running `ssh foo`
### Directive Notes
- `Host`
- Can also refer to an actual hostname. See "Host-Specific Keys" below.
- Can also refer to an actual hostname. See [Host-Specific Keys](#host-specific-keys) below.
- `ServerAliveInterval` and `ServerAliveCountMax`
- It's common for a firewall to cause problems keeping connections open, so tweaking these settings can help. See "Broken Pipe Remedy" below.
- It's common for a firewall to cause problems keeping connections open, so tweaking these settings can help. See [Broken Pipe Remedy](#broken-pipe-remedy) below.
- `HostKeyAlgorithms`
- ssh-dss is less secure than the alternatives/defaults. Only use this if necessary.
- `KexAlgorithms`
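Review bot: The new links `(#host-specific-keys)` and `(#broken-pipe-remedy)` point at headings that are outside this hunk, so confirm that the rendered heading slugs match exactly; a mismatched anchor fails silently. Separately, the unchanged `HostKeyAlgorithms` note ("Only use this if necessary") would be stronger if it said to set `ssh-dss` only inside the `Host` block for the one server that needs it and never under a wildcard host, since the text already says it is weaker than the defaults.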
@ -69,4 +69,4 @@ The `ServerAliveInterval` option sends a keepalive packet if no data has been re
Additionally, the `ServerAliveCountMax` option specifies the number of keepalive packets that may be sent without a response before ssh terminates the connection. By default this is set to `3`, but if your connection is unreliable, you can set this higher to give your server a better chance at responding the next time a keepalive packet is sent.
It is important to note that messages sent by the `TTYKeepAlive` option are not sent through the encrypted channel and can be spoofed, but the "server alive" messages are sent through the encrypted channel and cannot be spoofed. Do not use `TTYKeepAlive` messages for determining the quality or security of a connection! See `ssh-config(5)` for more info.
It is important to note that messages sent by the `TTYKeepAlive` option are not sent through the encrypted channel and can be spoofed, but the "server alive" messages are sent through the encrypted channel and cannot be spoofed. Do not use `TTYKeepAlive` messages for determining the quality or security of a connection! See `ssh-config(5)` for more info.
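Review bot: The last paragraph names the option `TTYKeepAlive`, which is not an `ssh_config` directive; the option that the man page contrasts with the server alive messages is `TCPKeepAlive`. The two versions of this paragraph in the hunk read identically, so the change looks whitespace-only, which makes this a good moment to correct the name in both places it appears. The man page reference is also conventionally written `ssh_config(5)` rather than `ssh-config(5)`.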