-
Notifications
You must be signed in to change notification settings - Fork 74
/
ssh_config
84 lines (69 loc) · 2.8 KB
/
ssh_config
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
# $OpenBSD: ssh_config,v 1.33 2017/05/07 23:12:57 djm Exp $
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.
###############################################################################
#-- Settings for QUANTUM-SAFE key-exchange and authentication -----------------
###############################################################################
# Key-exchange algorithms
KexAlgorithms [email protected]
# The host key algorithms ssh accepts
HostKeyAlgorithms ssh-ecdsa-nistp384-dilithium3
# The algorithms used for public key authentication
PubkeyAcceptedKeyTypes ssh-ecdsa-nistp384-dilithium3
# Define how unknown host keys should be handled
#StrictHostKeyChecking ask
# The port ssh is connecting to per default
Port 2222
# All IdentityFile options, enabled ones should match PubkeyAcceptedKeyTypes
# Uncomment line to enable corresponding algorithm
# Also ensure corresponding algorithm is enabled in liboqs
#IdentityFile ~/.ssh/id_rsa
#IdentityFile ~/.ssh/id_dsa
#IdentityFile ~/.ssh/id_ed25519
#IdentityFile ~/.ssh/id_ssh-falcon512
IdentityFile ~/.ssh/id_ssh-ecdsa-nistp384-dilithium3
#IdentityFile ~/.ssh/id_ssh-ecdsa-nistp256-falcon512
#IdentityFile ~/.ssh/id_ssh-rsa3072-falcon512
###############################################################################
#-- Settings for CLASSICAL SSH ------------------------------------------------
###############################################################################
# Host *
# ForwardAgent no
# ForwardX11 no
# PasswordAuthentication yes
# HostbasedAuthentication no
# GSSAPIAuthentication no
# GSSAPIDelegateCredentials no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# IdentityFile ~/.ssh/id_ecdsa
# IdentityFile ~/.ssh/id_ed25519
# Port 22
# Protocol 2
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
# MACs hmac-md5,hmac-sha1,[email protected]
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
# VisualHostKey no
# ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
#