Make SSH stop asking stupid questions

To make your everyday SSH experience a little more enjoyable, use these local config settings:

Your local config is in ~/.ssh/config:

host *
   ForwardAgent yes
   SendEnv LANG LC_*
   HashKnownHosts no
   ServerAliveInterval 30

host oldhost.example.net
   User myoldusername

host *.companyhosts.example.net
   User root

host *.local
   CheckHostIP no
host 192.168.*
   CheckHostIP no
host 10.*
   CheckHostIP no

---

There is not really any security lost with 'CheckHostIP no', since the host key is still checked.
It is only the IP check that is not done.
Also, 'HashKnownHosts no' will leak a bit of privacy, since others will be able to see which servers you connected to from this machine. But in my daily work, where host keys change from time to time, I think it is better to be able to look up the host and delete the correct line than to have that layer of privacy.

The 'ForwardAgent yes' setting lets you jump from the connected host to another, using your local id_rsa key. This will not work from the 3rd machine to a 4th, unless the second machine also enables agent forwarding.
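
Because the config above sets ForwardAgent and User through wildcard blocks, it helps to check which options a given host actually ends up with. The following is an added example, not part of the original post: a simplified resolver that applies the "first obtained value wins" rule from ssh_config(5) to the config on this page. The OVERRIDE host name is hypothetical, and the parser assumes space-separated keywords and plain `*`/`?` patterns.

```python
from fnmatch import fnmatchcase

# The page's config with blank lines dropped, used as sample input.
PAGE_CONFIG = """\
host *
   ForwardAgent yes
   SendEnv LANG LC_*
   HashKnownHosts no
   ServerAliveInterval 30
host oldhost.example.net
   User myoldusername
host *.companyhosts.example.net
   User root
host *.local
   CheckHostIP no
host 192.168.*
   CheckHostIP no
host 10.*
   CheckHostIP no
"""
# Hypothetical per-host override (this host name is an assumption, not from the page).
OVERRIDE = "host build.companyhosts.example.net\n   ForwardAgent no\n"

def parse(text):
    """Return [(patterns, [(keyword, value), ...])] in file order."""
    blocks = [(["*"], [])]  # options before the first Host line apply to every host
    for raw in text.splitlines():
        key, _, value = raw.strip().partition(" ")
        if not key or key.startswith("#"):
            continue
        if key.lower() == "host":
            blocks.append((value.split(), []))
        else:
            blocks[-1][1].append((key.lower(), value.strip()))
    return blocks

def host_matches(host, patterns):
    """A matching '!pattern' vetoes the block; otherwise any positive match applies."""
    if any(p[0] == "!" and fnmatchcase(host, p[1:]) for p in patterns):
        return False
    return any(fnmatchcase(host, p) for p in patterns if p[0] != "!")

def effective(text, host):
    """First obtained value wins, as ssh_config(5) specifies for each parameter."""
    opts = {}
    for patterns, settings in parse(text):
        if host_matches(host, patterns):
            for key, value in settings:
                opts.setdefault(key, value)
    return opts
```

With `host *` at the top of the file, `effective(PAGE_CONFIG + OVERRIDE, ...)` still reports `forwardagent: yes`; the override only takes effect when it is placed above `host *`, which matters because ssh_config(5) advises enabling agent forwarding with caution. On a real system, `ssh -G hostname` prints the options OpenSSH itself resolves.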