Client Configuration
Most SSH security pertains to the server, but SSH clients have security-related settings too. Here are a few tips:

- Whenever you leave a computer while SSH clients are running, lock the computer's display with a password-protected screen locker. This is particularly important if you're running an agent that permits an intruder to access your remote accounts without a passphrase.
- In your client configuration file, turn on some safety features as mandatory values:

    # SSH1, OpenSSH
    # Put at the top of your configuration file
    Host *
      FallBackToRsh no
      UseRsh no
      GatewayPorts no
      StrictHostKeyChecking ask

    # SSH2 only
    # Put at the bottom of your configuration file
    *:
      GatewayPorts no
      StrictHostKeyChecking ask

FallBackToRsh and UseRsh prevent SSH from invoking the insecure r-commands without your knowledge. (These aren't present in SSH2.) The GatewayPorts value forbids remote clients from connecting to locally forwarded ports. Finally, rather than blindly connect, the StrictHostKeyChecking value warns you of any changed host keys and asks what you want to do.
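
The placement advice above matters because an OpenSSH-format client file uses the first value obtained for each keyword. The following Python sketch is an added example, not code from the original text: it resolves the effective GatewayPorts and StrictHostKeyChecking values for one host and reports any that are missing or weakened. The host name and sample configurations are constructed, Match blocks are not handled, and pattern matching is approximated with fnmatch.

```python
import fnmatch
import re

# Values the section recommends; "yes" is stricter than "ask", so accept it too.
REQUIRED = {"gatewayports": {"no"}, "stricthostkeychecking": {"ask", "yes"}}

def host_matches(patterns, host):
    """Host-line matching: some positive pattern matches, no negated one does."""
    hit = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pat):
            hit = True
    return hit

def effective(config_text, host):
    """Return {keyword: value}, keeping the first value obtained per keyword."""
    result, active = {}, True  # lines before any Host line apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(\w+)\s*=?\s*(.*)", line)
        if not m:
            continue  # not a keyword line in this format
        key, value = m.groups()
        if key.lower() == "host":
            active = host_matches(value.split(), host)
        elif active:
            result.setdefault(key.lower(), value.strip())  # later values ignored
    return result

def audit(config_text, host):
    """List recommended settings that are missing or weakened for this host."""
    eff = effective(config_text, host)
    return sorted(k for k, ok in REQUIRED.items() if eff.get(k, "").lower() not in ok)

# Constructed sample configurations (hypothetical host name).
SAFE = "Host *\n  GatewayPorts no\n  StrictHostKeyChecking ask\n"
OVERRIDE = "Host build.example.com\n  GatewayPorts yes\n"
SAFE_AT_TOP = SAFE + OVERRIDE      # mandatory block first: override is ignored
SAFE_AT_BOTTOM = OVERRIDE + SAFE   # mandatory block last: override takes effect

if __name__ == "__main__":
    for name, text in (("top", SAFE_AT_TOP), ("bottom", SAFE_AT_BOTTOM)):
        print(name, audit(text, "build.example.com"))
```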