| # This is the default ssh configuration that should be used when connecting to |
| # a device running Fuchsia. |
| |
| # This file is a valid `sshconfig` file and if needed, be used directly |
| # with the `-F` flag of ssh. |
| |
| # FFX subtools parse this file to create a command line with the same confuration. |
| # This is done to allow for easier debugging since the options appear in the log. |
| |
| CheckHostIP=no |
| StrictHostKeyChecking=no |
| UserKnownHostsFile=/dev/null |
| GlobalKnownHostsFile=/dev/null |
| |
| # Emulators start listening instantly, even though there is no sshd to talk |
| # to. And sometimes (?) they don't ever establish the connection. Give an |
| # emulator enough time to spin up, but timeout so we'll retry if need be. |
| # So, set the ConnectTimeout to 20 seconds, and try 3 times for a total of |
| # 60 seconds. |
| |
| # Specifies the number of attempts to make before exiting. |
| ConnectionAttempts=3 |
| |
| # Specifies the timeout (in seconds) used when connecting to the SSH server, |
| # instead of using the default system TCP timeout. |
| ConnectTimeout=20 |
| |
| # Specifies interval for sending keepalive messages to the server. |
| # The messages are sent through the encrypted channel, and serve to |
| # detect if the server has crashed or the network has gone down. |
| ServerAliveInterval=1 |
| |
| # Sets the number of keepalive messages that may be sent by the client |
| # without the client receiving any messages back from the server. |
| # When this threshold is reached the client will terminate the session. |
| # Note that emulator processes sometimes stalling, apparently due to |
| # a Cavium issue (b/343550891) this should be more than 15. |
| ServerAliveCountMax=20 |
| |
| # Specifies whether to send TCP keepalives to the other side. These operate on the level of the TCP protocol. |
| TCPKeepAlive=yes |
| |
| # Specifies the verbosity level of logging messages from ssh. |
| # The possible values are: |
| # QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. |
| LogLevel=ERROR |
| |
| # If set to yes, passphrase/password querying will be disabled. This is useful for |
| # running the ssh client from shell script that do not have an interactive user, |
| # and prevents accidentally blocking on a password prompt. |
| BatchMode=yes |
| |
| # Specifies whether the connection to the authentication agent will be forwarded |
| # to the remote machine. |
| ForwardAgent=no |
| |
| # No X11 |
| ForwardX11=no |
| ForwardX11Trusted=no |
| |
| # Specifies whether to try rhosts based authentication with public key authentication, |
| # using the .rhosts or .shosts files in the user's home directory and |
| # /etc/hosts.equiv and /etc/shosts.equiv in global configuration. |
| HostbasedAuthentication=no |
| |
| # Specifies that ssh should only use the identity keys configured in the |
| # ssh_config files, even if ssh-agent offers more identities. |
| # By setting no, it allows hardware keys like yubikey |
| IdentitiesOnly=no |
| |
| # Specifies whether to use keyboard-interactive authentication. This is a common |
| # method for password authentication, one-time passwords, and multi-factor authentication. |
| KbdInteractiveAuthentication=no |
| |
| # Specifies whether to try public key authentication using SSH keys. |
| PubkeyAuthentication=yes |
| |
| # Specifies whether to verify the remote key using DNS |
| VerifyHostKeyDNS=no |
