Upgrading OpenSSH on Mac OS Yosemite

Great tutorial by mochtu.de.

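# Install Homebrew's OpenSSL, then build OpenSSH against it
brew install openssl
brew install openssh --with-brewed-openssl --with-keychain-support
# Point the system launch agent at the Homebrew ssh-agent
sudo sed -i '' 's/\/usr\/bin\/ssh-agent/\/usr\/local\/bin\/ssh-agent/' /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist
# Keep the stock client as ssh_old and link the new one in its place
sudo mv /usr/bin/ssh /usr/bin/ssh_old
sudo ln -s /usr/local/bin/ssh /usr/bin/ssh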

Great tips on improving ssh settings

I am currently reading “Ansible: Up and Running” and it pointed to several improvements I could make to my ssh settings. Also thanks to tenshu.net and OpenSSH Wikibooks.

Multiplexing:

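Host *
  # %r, %h and %p give one control socket per remote user, host and port.
  # On a multi-user machine prefer a directory only you can write to
  # (such as ~/.ssh) over /tmp.
  ControlPath /tmp/control-%r@%h:%p
  ControlMaster auto
  # Keep the master connection open for 10 minutes after the last session closes
  ControlPersist 10m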

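Generate a separate known hosts file for your local domain and point ssh at it:

Host *.mycompany.com
    UserKnownHostsFile ~/.ssh/generated_known_hosts
    # Refuse to connect when the host key is missing from that file or has changed
    StrictHostKeyChecking yes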

Sane global defaults:

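# Store host names in known_hosts in clear text (readable, but not hidden if the file leaks)
HashKnownHosts no
Host *
    GSSAPIAuthentication no
    # Do not expose the local ssh-agent to remote hosts by default
    ForwardAgent no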

Get notified of new ssh connections:

Host *
    PermitLocalCommand yes
    # Runs on the local machine after a successful connection; %h is the remote host name
    LocalCommand /home/user/bin/ssh-notify.sh %h

Set up port forwards for a host:

Host port-forwards-site1.company.com
  Hostname server1.company.com
  # Local port 1234 is forwarded to 10.0.0.101:1234 as reached from server1
  LocalForward 1234 10.0.0.101:1234

Jumphosts:

Host jumphost.company.com
  ProxyCommand none
Host *.company.com
  ProxyCommand ssh jumphost.company.com nc -q0 %h %p

Or, without nc, using ssh's own -W forwarding:

  ProxyCommand ssh -W %h:%p jumphost.company.com
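
The order of the two Host blocks above matters, because ssh uses the first value it obtains for each option. The following is an added example, not part of the original post or of OpenSSH: a small resolver (the function name effective_opt and the GOOD/SWAPPED samples are made up here) that shows what happens to the jump host itself when the wildcard block comes first.

```shell
#!/bin/sh
# Added example (not from the original post). Resolves one option the way
# ssh_config does: for each keyword, the first value obtained wins.
# Simplified: Host blocks with glob patterns only; no Match, Include,
# negated (!) patterns, quoting or "key=value" syntax.

# effective_opt CONFIG_TEXT HOSTNAME KEYWORD
# Prints the value ssh would use; exit status 1 if nothing applies.
effective_opt() (
    set -f                        # keep '*' in Host patterns from globbing files
    want=$(printf '%s' "$3" | tr 'A-Z' 'a-z')
    active=1                      # lines before the first Host apply to every host
    while read -r key rest; do
        case $key in ''|'#'*) continue ;; esac
        lkey=$(printf '%s' "$key" | tr 'A-Z' 'a-z')
        if [ "$lkey" = host ]; then
            active=0
            for pat in $rest; do
                case $2 in $pat) active=1 ;; esac
            done
        elif [ "$active" = 1 ] && [ "$lkey" = "$want" ]; then
            printf '%s\n' "$rest"
            exit 0                # first match wins: stop at the first value
        fi
    done <<EOF
$1
EOF
    exit 1
)

# Constructed sample: the jump host blocks in the order used in this post.
GOOD='Host jumphost.company.com
  ProxyCommand none
Host *.company.com
  ProxyCommand ssh -W %h:%p jumphost.company.com'

# Constructed sample: same blocks, wildcard first. The jump host now matches
# *.company.com before its own override is read.
SWAPPED='Host *.company.com
  ProxyCommand ssh -W %h:%p jumphost.company.com
Host jumphost.company.com
  ProxyCommand none'

for h in jumphost.company.com server1.company.com; do
    echo "good    $h -> $(effective_opt "$GOOD" "$h" ProxyCommand)"
    echo "swapped $h -> $(effective_opt "$SWAPPED" "$h" ProxyCommand)"
done
```

With the swapped order the jump host is told to proxy through itself. On a real client, `ssh -G hostname` prints the configuration ssh actually resolves for a host.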

Keep it alive:

# Probe the server every 30 seconds; disconnect after 4 probes go unanswered
ServerAliveInterval 30
ServerAliveCountMax 4