-
Host *
The option Host restricts all forwarded declarations and options in the configuration file to be only for those hosts that match one of the patterns given after the keyword. The
pattern * means for all hosts up to the next Host keyword. With this option you can set different declarations for different hosts in the same ssh_config file.
-
ForwardAgent no
The option ForwardAgent specifies which connection authentication agent if any should be forwarded to the remote machine.
-
ForwardX11 no
The option ForwardX11 is for people that use the Xwindow GUI and want to automatically redirect X11 sessions to the remote machine. Since we setup a server
and don't have GUI installed on it, we can safely turn this option off.
-
RhostsAuthentication no
The option RhostsAuthentication specifies whether we can try to use rhosts based authentication. Because rhosts authentication is insecure you shouldn't use this option.
-
RhostsRSAAuthentication no
The option RhostsRSAAuthentication specifies whether or not to try rhosts authentication in concert with RSA host authentication.
-
RSAAuthentication yes
The option RSAAuthentication specifies whether to try RSA authentication. This option must be set to yes for better security on your sessions. RSA uses public and private keys pair created with
the ssh-keygen1utility for authentication purposes.
-
PasswordAuthentication yes
The option PasswordAuthentication specifies whether we should use password-based authentication. For strong security, this option must always be set to yes.
-
FallBackToRsh no
The option FallBackToRsh specifies that if a connection with ssh daemon fails rsh should automatically be used instead. Recalling that rsh service is insecure, this option must always be set to no.
-
UseRsh no
The option UseRsh specifies that rlogin/rsh services should be used on this host. As with the FallBackToRsh option, it must be set to no for obvious reasons.
-
BatchMode no
The option BatchMode specifies whether a username and password querying on connect will be disabled. This option is useful when you create scripts and dont want to supply the password. e.g. Scripts
that use the scp command to make backups over the network.
-
CheckHostIP yes
The option CheckHostIP specifies whether or not ssh will additionally check the host IP address that connect to the server to detect DNS spoofing. It's recommended that you set this option
to yes.
- StrictHostKeyChecking no
The option StrictHostKeyChecking specifies whether or not ssh will automatically add new host keys to the $HOME/.ssh/known_hosts file, or never automatically add new
host keys to the host file. This option, when set to yes, provides maximum protection against Trojan horse attacks. One interesting procedure with this option is to set it to no
at the beginning, allow ssh to add automatically all common hosts to the host file as they are connected to, and then return to set it to yes to take advantage of this feature.
-
IdentityFile ~/.ssh/identity
The option IdentityFile specifies an alternate RSA authentication identity file to read. Also, multiple identity files may be specified in the configuration file ssh_config.
-
Port 22
The option Port specifies on which port number ssh connects to on the remote host. The default port is 22.
-
Cipher blowfish
The option Cipher specifies what cipher should be used for encrypting sessios. The blowfish use 64-bit blocks and keys of up to 448 bits.
-
EscapeChar ~
The option EscapeChar specifies the session escape character for suspension.
