# User ssh configuration file ~/.ssh/config # Gist https://gist.github.com/terrywang/3997931 # man ssh_config for more information # Inspired by the blog post below to fight the NSA # https://stribika.github.io/2015/01/04/secure-secure-shell.html # Github needs diffie-hellman-group-exchange-sha1 some of the time but not always # Host github.com # KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1 Host * # key exchange algorithms KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 # client authenticaiton # PasswordAuthentication no ChallengeResponseAuthentication no PubkeyAuthentication yes # host key algorithms the client wants to use in order of preference HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa # symmetric ciphers in order of preference Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr # Message Authentication Code algorithms in order of preference for data integrity protection MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com # hmac-ripemd160 MAC removed as OpenSSH 7.6 deprecated it ServerAliveInterval 30 # Speed up SSH session creation # by sharing multiple sessions over a single network connection # reuse already established TCP connection # ControlMaster auto # ControlPath ~/.ssh/sockets/%r@%h-%p # ControlPersist 600 # Disable roaming explicitly anyway for good # UseRoaming no # Disabled after upgrading to macOS Sierra VisualHostKey yes # Ensure KnownHosts are unreadable if leaked # otherwise it is easier to know which hosts your keys have access to # HashKnownHosts yes # macOS Sierra - add passphrases to keychain UseKeychain yes # Load keys into ssh-agent AddKeysToAgent yes