Re: [tlug] Making my LAN a passwordless zone

[David Shanahan <david@example.com>]

On Fri, Jul 10, 2009 at 4:01 PM, Doug McLean <dmclean635@example.com> wrote:
> Almost forget to suggest.  When you do setup your keys, scripts and so
> on, it's a good idea to use a minimalist ssh command to prevent abuse
> by other folks.
>
> Something like:
>
> ssh -2 -x (destination)
>
> Does a couple things.  SSHv2 is more secure than SSHv1 due to
> improvements in its redundancy checks among other things.

You are probably not going to use v1 so you can put this in your
~/.ssh/config to have these options on by default.
e.g.

 Protocol 2
 # and if you don't want X11 forwarding
 ForwardX11 no

man ssh_config  for details and more options.

Commands that exec ssh like rsync should also use these defaults.