# ssh(1) obtains configuration data from the following sources in the following order:
#
#       1.   command-line options
#       2.   user's configuration file (~/.ssh/config)
#       3.   system-wide configuration file (/etc/ssh/ssh_config)
#
# For each parameter, the first obtained value will be used.  The configuration files contain sections separated
# by “Host” specifications, and that section is only applied for hosts that match one of the patterns given in the
# specification.  The matched host name is the one given on the command line.
#
# Since the first obtained value for each parameter is used, more host-specific declarations should be given near
# the beginning of the file, and general defaults at the end.

# Example for one that uses ssh keys
# Without specifying IdentityFile it will use the default list
Host reallysecure reallysecure.example.com
    HostName reallysecure.example.com
    User mysecureuser
    PreferredAuthentications publickey
    PasswordAuthentication no
    KbdInteractiveAuthentication no

# This is used to rsync data over lan
Host backupserver
    HostName 10.20.30.40
    User backupuser
    BatchMode yes
    Ciphers arcfour,blowfish-cbc,aes128-ctr
    IdentityFile ~/.ssh/backupserver.pem
    # Generally compression over lan slows things down
    Compression no


# See man ssh_config for all options and descriptions, this just lists what may
# be useful to do on a per-host basis. Defaults from Ubuntu 12.04
Host *
    # Can speed up logins to some servers
    GSSAPIAuthentication no
    GSSAPIKeyExchange no
    ChallengeResponseAuthentication no
    HashKnownHosts no
    Protocol 2
    # Some servers will force log out if you haven't typed anything in a while
    # This means send a packet every 60 seconds, after 3 of those without a
    # response then drop the connection
    ServerAliveCountMax 3
    ServerAliveInterval 60
    TCPKeepAlive yes
    #BatchMode [yes|no]  # Def: no
    #CheckHostIP [yes|no]  # Def: yes - no is useful on a host who's key changes (rebuilding a dev machine)
    #Ciphers (see ssh_config(5))  # (sshv2) Def: (see man page) - (speed: arcfour > blowfish > aes)
    #Compression [yes|no]  # Def: no
    #ControlMaster [yes|ask|auto|autoask]  # Best to just google ControlMaster or check man pages
    #ControlPath <path>
    #ControlPersist [yes|no]
    #DynamicForward <[bind_addres:]port>  # sets up a local socks proxy over ssh
    #ExitOnForwardFailure [yes|no]  # Def: no
    #ForwardX11 [yes|no]  # Def: no
    #ForwardX11Timeout (see sshd_config "Time Formats")  # Def: 20 minutes
    #ForwardX11Trust [yes|no]  # Def: yes (debian specific)
    #HostKeyAlias <name>  # Useful if have several Host sections for single server
    #HostName [<dns_name>|<ip>]  # Also supports %h for given on command line (eg: %h.example.com)
    #IdentityFile <path>  # Def: (see ssh_config(5)) - several escape sequences are supported, see man page
    #KbdInteractiveAuthentication [yes|no]   # Def: yes - can disable if only using ssh keys
    #LocalForward <[local bind_address:]local_port> <remote_host>:<remote_port>
    #  An example that forwards local 8080 to port 8443 on remote server:
    #      LocalForward localhost:8080 127.0.0.1:8443
    #PasswordAuthentication [yes|no]  # Def: yes - Another thing to disable if using keys
    #Port <server_port>  # Def: 22
    #PreferredAuthentications <list>  # Can set this to 'publickey' to disable all other methods
    #StrictHostKeyChecking [yes|no|ask]  # Def: ask
    #VerifyHostKeyDNS [yes|no|ask]  # Def: no - useful but rarely used, google it for info