#	$OpenBSD: ssh_config,v 1.15 2002/06/20 20:03:34 stevesk Exp $

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# CERN customisation
Host *
	# Krb4 and AFS only work well over SSH-1
        Protocol 1,2
	# better than open X11 ports
        ForwardX11 yes
	# unfortunately lots of old apps needs this
	ForwardX11Trusted yes
	# complaint from Sec team
        ForwardAgent no
	# limit impact in case of account compromise
	HashKnownHosts yes
        StrictHostKeyChecking ask
	# enable Krb5 over SSH-2
	GSSAPIAuthentication yes
	GSSAPIDelegateCredentials yes
