|
Host login*.rc
|
|
HostName %h.colorado.edu
|
|
|
|
Host *.rc
|
|
HostName %h.int.colorado.edu
|
|
|
|
|
|
Match host=*.rc.colorado.edu,*.rc.int.colorado.edu
|
|
User user1234
|
|
|
|
|
|
# Internal RC hosts are running an old version of OpenSSH
|
|
Match host=*.rc.int.colorado.edu
|
|
MACs hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96
|
|
|
|
|
|
Match host=login.rc.colorado.edu
|
|
ControlMaster auto
|
|
ControlPath ~/.ssh/.socket_%h_%p_%r
|
|
ControlPersist 4h
|
|
|
|
|
|
Match host=*.rc.int.colorado.edu
|
|
ProxyCommand ssh -W %h:%p login.rc.colorado.edu
|
|
|
|
|
|
# Secure defaults
|
|
|
|
Host *
|
|
|
|
# https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern
|
|
HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256
|
|
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
|
|
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
|
|
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1
|
|
|
|
# Protect remote servers if my credentials are ever compromised
|
|
HashKnownHosts yes
|
|
|
|
# http://www.openssh.com/txt/release-7.1p2
|
|
UseRoaming no
|