SSH

Options of /etc/ssh/ssh_config or ~/.ssh/config:
 * CheckHostIP yes | no - Identifies a remote system using IP address in addition to a hostname from known_host file when set to yes. Set to it to no to use a hostname only. Default : yes
 * ForwardX11 yes | no -  When set to yes, automatically forwards X11 connections over a secure channel in nontrusted mode and sets the DISPLAY shell variable.
 * ForwardX11Trusted yes | no - Work in conjunction with ForwardX11 which must be set to yes for this keyword to have any effect.
 * HashKnownHosts - Causes OpenSSH to hash hostnanmes and address in ~/.ssh/known_hosts file when set to yes. When set to no, the hostnames and adresses are written in cleartext.
 * Host hostnames - Specifies that the following declaration, until the next Host declaration apply only to hosts that hostnames matches. The hostnames is a whitespace-separated list that can include ? or * wildcards. A single * specifies all hosts. Without this keyword, all declaration apply to all hosts.
 * HostbasedAuthentication yes | no - Tries rhost authentication when set to yes. For more secure system, set to no.
 * HostKeyAlhorithms algorithms - The algorithms is a comma-separated list of algorithms the client uses in order of preference. Choose algorithms from ssh-rsa or ssh-dss.
 * Port - Causes OpenSSH to connect to remote system on port num
 * StrictHostKeyChecking yes | no | ask - Determines whether and how openSSH adds host keys to a user's known_hosts file. Set this option to ask to ask whether to add a host key when connecting to a new system, set it to no to add a host key automatically and set it to yes to require host keys to be added manually. The yes and ask  arguments cause OpenSSH to refuse to connect to a system whose host key has changed. For a more secure system set to yes or ask. Default is ask.
 * TCPKeepAlive yes | no -  Periodically checks whether a connection is alive when set to yes. Checking causes the ssh or ssh connnection to be dropped when the server crashes or the connection dies for another reason. This option tests the connection at the TCP layer. Default is yes. 
 * User name -  Specifies a username to use when logging on a system.
 * VisualHostKey yes|no - Displays the ASCII art represenation of the key of the remote system in addition to displaying the hex representation of the key when set to yes.  Default is no

ssh-copy-id- to log in on or copy files to and from another system without supplying a password, you must copy the ~/.ssh/id_rsa.pub from client to a file named ~/ssh/authorized_keys

Options of /etc/ssh/sshd_config
 * AllowUsers userlist  - The user list is a space-separated list of usernames that specifies which users are allowed to log in using sshd. This list can include * or ? wildcards. You can specify a user as user or user@host. If you are using the second format, make sure you specify the host as returned by hostname,
 * ClientAliveCountMax n  - The n specifies the number of client-alive messages that can be sent without receiving a response before sshd disconnnects form the client. Default is 3
 * ClientAliveInterval n- Sends a message through the encrypted channel after n seconds of not receiving a message from the client.
 * DenyUsers -  The userlist  is a space-separated list of usernames that specifies users who are not allowed to log in using sshd. This list can include * or ? wildcards
 * ForceCommand command - Executes command ignoring commands specified by the client and commands in the optional ~/ssh/ssh/rc file
 * HostBasedAuthentication yes | no - Tries rhosts and /etc/hosts.equiv authentication when set to yes. Default is no.
 * IgnoreRhosts yes | no - Ignore .rhosts and .shosts files for authentication. Does not affect the use of /etc/hosts.equiv and /etc/ssh/shosts.equiv files for authentication. Default yes
 * LoginGraceTime n - Waits n seconds for user to log in on the server before disconnecting. A value of 0 means there is no time limit. Default 120 sec
 * LoginLevel val - Specifies how detailed the log messages are. Choose val from QUIET,FATAL,ERROR,INFO and VERBOSE. Default is INFO
 * PasswordAuthentication yes | no - Permits a user to use a password for authentication. Default is yes
 * PermitEmptyPassword yes | no - Permits a user to log in on an account that has an empty password. Default is no.
 * PermitRootLogin yes | without-password | forced-commands-only | no - Permit root to log in using OpenSSH. Default is yes.
 * PermitUserEnviroment yes | no - Permits a user to modify the enviroment. Default is no.
 * Port num - Specifies the sshd server server listen on port num. It might improve security to change num to non-standard port.
 * StrictModes yes | no - Checks modes and ownership of the user's home directory and files. Login fails for users other than the owner if the directories/or files can be written to by anyone other than the owner. For a more secure system, set this declaration to yes. Default : yes.
 * SyslogFacility val - Specifies the facility name
 * TCPKeepAlives yes | no - Periodically checks whether a connection is alive. Default is yes.
 * X11Forwarding yes | no - Allows X11 forwarding when set to yes.