Index: ssh_config =================================================================== --- ssh_config.orig +++ ssh_config @@ -67,5 +67,12 @@ ForwardX11Trusted yes SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT SendEnv LC_IDENTIFICATION LC_ALL -# VisualHostKey no +# This will print the fingerprint of the host key in "visual" form +# this should make it easier to also recognize bad things +VisualHostKey no + +# This will hash new host keys and make them so unusable for malicious +# people or software trying to use known_hosts to find further hops. +HashKnownHosts yes + # ProxyCommand ssh -q -W %h:%p gateway.example.com