terrywang · October 13, 2022 20:39
diff --git a/config b/config
 # User ssh configuration file ~/.ssh/config
 # Gist https://gist.github.com/terrywang/3997931
 # man ssh_config for more information
 # Inspired by the blog post below to fight the NSA
 # https://stribika.github.io/2015/01/04/secure-secure-shell.html

 # Github needs diffie-hellman-group-exchange-sha1 some of the time but not always
 # Host github.com
 #     KexAlgorithms [email protected],diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1

 Host *
    # key exchange algorithms
    KexAlgorithms [email protected],diffie-hellman-group-exchange-sha256
    # client authenticaiton
    # PasswordAuthentication no
    ChallengeResponseAuthentication no
    PubkeyAuthentication yes
    # host key algorithms the client wants to use in order of preference
    HostKeyAlgorithms [email protected],[email protected],ssh-ed25519,ssh-rsa
    # symmetric ciphers in order of preference
    Ciphers [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
    # Message Authentication Code algorithms in order of preference for data integrity protection
    MACs [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,[email protected]
    # hmac-ripemd160 MAC removed as OpenSSH 7.6 deprecated it
    ServerAliveInterval 30
    # Speed up SSH session creation
    # by sharing multiple sessions over a single network connection
    # reuse already established TCP connection
    # ControlMaster auto
    # ControlPath ~/.ssh/sockets/%r@%h-%p
    # ControlPersist 600
    # Disable roaming explicitly anyway for good
    # UseRoaming no # Disabled after upgrading to macOS Sierra
    VisualHostKey yes
    # Ensure KnownHosts are unreadable if leaked
    # otherwise it is easier to know which hosts your keys have access to
    # HashKnownHosts yes
    # macOS Sierra - add passphrases to keychain
    UseKeychain yes
    # Load keys into ssh-agent
    AddKeysToAgent yes
	# User ssh configuration file ~/.ssh/config
	# Gist https://gist.github.com/terrywang/3997931
	# man ssh_config for more information
	# Inspired by the blog post below to fight the NSA
	# https://stribika.github.io/2015/01/04/secure-secure-shell.html

	# Github needs diffie-hellman-group-exchange-sha1 some of the time but not always
	# Host github.com
	# KexAlgorithms [email protected],diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1

	Host *
	# key exchange algorithms
	KexAlgorithms [email protected],diffie-hellman-group-exchange-sha256
	# client authenticaiton
	# PasswordAuthentication no
	ChallengeResponseAuthentication no
	PubkeyAuthentication yes
	# host key algorithms the client wants to use in order of preference
	HostKeyAlgorithms [email protected],[email protected],ssh-ed25519,ssh-rsa
	# symmetric ciphers in order of preference
	Ciphers [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
	# Message Authentication Code algorithms in order of preference for data integrity protection
	MACs [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,[email protected]
	# hmac-ripemd160 MAC removed as OpenSSH 7.6 deprecated it
	ServerAliveInterval 30
	# Speed up SSH session creation
	# by sharing multiple sessions over a single network connection
	# reuse already established TCP connection
	# ControlMaster auto
	# ControlPath ~/.ssh/sockets/%r@%h-%p
	# ControlPersist 600
	# Disable roaming explicitly anyway for good
	# UseRoaming no # Disabled after upgrading to macOS Sierra
	VisualHostKey yes
	# Ensure KnownHosts are unreadable if leaked
	# otherwise it is easier to know which hosts your keys have access to
	# HashKnownHosts yes
	# macOS Sierra - add passphrases to keychain
	UseKeychain yes
	# Load keys into ssh-agent
	AddKeysToAgent yes