From ad0b9fa48b46a5e57f1e5137d65ec2ddd285d595 Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Sun, 25 Jun 2017 11:55:36 +0300
Subject: [PATCH] - Removed commented out disabled host key verification (was
 there in case I need to but forget how, already present in the EC2 file). -
 Added a bit of documentation where I get the SSH config.

---
 .ssh/config.d/10_global | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/.ssh/config.d/10_global b/.ssh/config.d/10_global
index 2b51c27..4f5cda4 100644
--- a/.ssh/config.d/10_global
+++ b/.ssh/config.d/10_global
@@ -5,9 +5,11 @@ ControlPersist 3m
 ServerAliveInterval 30
 IdentitiesOnly yes
 ForwardAgent no
+
+# Copied from
+# https://wiki.mozilla.org/Security/Guidelines/OpenSSH?source=techstories.org#Modern
+HashKnownHosts yes
 HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256
 KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
 MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
 Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
-#StrictHostKeyChecking yes
-#UserKnownHostsFile=/dev/null
-- 
GitLab