extend goal ssh config

125107d0 · skorpy · be7a91ff · 125107d0 · 125107d0
Commit 125107d0 authored 8 years ago by skorpy
--- a/ssh/goal/ssh_config
+++ b/ssh/goal/ssh_config
+HashKnownHosts yes
+
 # Github needs diffie-hellman-group-exchange-sha1 some of the time but not always.
 Host github.com
 	KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
-    
+	MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-128-etm@openssh.com,hmac-sha2-512
+ 
 Host *
 	KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
 	PasswordAuthentication no
 	ChallengeResponseAuthentication no
+	ConnectTimeout 30
+	MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
+	Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
+	ServerAliveInterval 10
+	ControlMaster auto
+	ControlPersist yes
+	ControlPath ~/.ssh/socket-%r@%h:%p
+
+

--- a/ssh/goal/sshd_config
+++ b/ssh/goal/sshd_config
+Port 22
 Protocol 2
 HostKey /etc/ssh/ssh_host_ed25519_key
 HostKey /etc/ssh/ssh_host_rsa_key
@@ -15,4 +16,22 @@ Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.
 MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com


+Subsystem sftp /usr/lib/openssh/sftp-serve
+UsePAM no 
+PrintMotd no
+PrintLastLog yes
+TCPKeepAlive yes
+AcceptEnv LANG LC_*
+X11Forwarding no
+IgnoreRhosts yes
+SyslogFacility AUTH
+HostbasedAuthentication no
+
+#  Turn on privilege separation
+UsePrivilegeSeparation yes
+# Prevent the use of insecure home directory and key file permissions
+StrictModes yes
+# Turn on  reverse name checking
+#VerifyReverseMapping yes
+