# ##::[[--- BSD/Linux OpenSSH SSH Config ---]]::## #=================================================== ##----- Global Options -----## #=================================================== # Connection # #--------------------------------------------------- AddressFamily = inet # Encryption # #--------------------------------------------------- RekeyLimit = 500M 60m # Authentication # #--------------------------------------------------- ChallengeResponseAuthentication = no KbdInteractiveAuthentication = no PasswordAuthentication = no PreferredAuthentications = publickey PubkeyAuthentication = yes AddKeysToAgent = ask # Reliability # #--------------------------------------------------- TCPKeepAlive = yes # Security # #--------------------------------------------------- ForwardAgent = yes ForwardX11 = yes GatewayPorts = no HashKnownHosts = yes StrictHostKeyChecking = ask # Logging # #--------------------------------------------------- SyslogFacility = AUTH LogLevel = VERBOSE # Environment # #--------------------------------------------------- # Disabled: ## PermitUserRC = yes # Ciphers and ReKeying # #--------------------------------------------------- FingerprintHash = sha256 Ciphers = aes128-gcm@openssh.com,aes128-ctr,aes128-cbc,aes192-ctr,aes192-cbc,aes256-gcm@openssh.com,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se HostKeyAlgorithms = ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa HostbasedAcceptedKeyTypes = ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa KexAlgorithms = ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256@libssh.org,curve25519-sha256,diffie-hellman-group-exchange-sha256 MACs = hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512 PubkeyAcceptedKeyTypes = ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa