From 5431d136b933ced4d628e62cce6fea3853c57d20 Mon Sep 17 00:00:00 2001
From: "@slovacus"
Date: Sat, 12 Jun 2021 17:40:25 -0500
Subject: [PATCH] chore: implement template assh (#40)
---
conf/assh.yml | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
create mode 100644 conf/assh.yml
diff --git a/conf/assh.yml b/conf/assh.yml
new file mode 100644
index 0000000..65e6e88
--- /dev/null
+++ b/conf/assh.yml
@@ -0,0 +1,29 @@
+includes:
+ - ~/.ssh/custom.yml
+
+defaults:
+ # Check for changed server IPs or possible DNS spoofings
+ CheckHostIP: yes
+ # Enable compression
+ Compression: yes
+ # Enables the sharing of multiple sessions over a single socket
+ ControlMaster: no
+ # ControlPath: ~/.ssh/sockets/%h-%p-%r
+ ControlPersist: yes
+ Port: 22
+ # Store hashed domains in known_hosts for extra security
+ HashKnownHosts: yes
+ # Disable password authentication (bruteforce attacks, etc.)
+ # PasswordAuthentication: no
+ # Only enable public key authentication
+ # PubkeyAuthentication: yes
+ # Regenerate keys after a while
+ RekeyLimit: 100M 3600
+ # Ask to verify server fingerprint
+ StrictHostKeyChecking: no
+ # Send keep-alive signals to avoid connection timeout
+ TCPKeepAlive: yes
+ # https://security.stackexchange.com/questions/110639/how-exploitable-is-the-recent-useroaming-ssh-problem
+ UseRoaming: no
+ # Display randomart images of hostkeys
+ VisualHostKey: yes
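Review bot: `StrictHostKeyChecking: no` in `defaults` contradicts the comment above it ("Ask to verify server fingerprint") and removes the confirmation prompt for every host that inherits these defaults, so unknown host keys are written to known_hosts without anyone checking them and `CheckHostIP` / `VisualHostKey` add little. If the comment states the intent, the line should read `StrictHostKeyChecking: ask` (or `accept-new` where unattended first connections are required), with any relaxation scoped to the individual hosts that need it rather than set globally. The same comment/value mismatch appears at `ControlMaster: no` under "Enables the sharing of multiple sessions", where `ControlPersist: yes` presumably has no effect without a master connection; either use `ControlMaster: auto` together with the commented-out `ControlPath`, or reword the comment to say sharing is disabled. The bare `yes`/`no` values are YAML 1.1 booleans, so quoting them (`'yes'`, `'no'`) would make the intended strings explicit, assuming assh does not rely on the boolean form.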