path: root/private_dot_ssh/config.tmpl

HashKnownHosts no
VisualHostKey yes
CheckHostIP yes
NoHostAuthenticationForLocalhost yes

## Debian hosts
Host master
    Hostname %h.debian.org
Host *.debian.org master !*.ssh.debian.org !ssh.debian.org
    ProxyJump ssh.debian.org
Match final host="*.debian.org"
    UserKnownHostsFile ~/.ssh/known_hosts.d/debian

## QueensU hosts
Host pinky brain
    HostName %h.cs.queensu.ca
Host linux1 hera zeus
    HostName %h.caslab.queensu.ca
Host *.caslab.queensu.ca w310 ubuntu athena linux1 hera zeus
    User ryankca
Host *.cs.queensu.ca ciscwww pinky brain
    User ryan
Host *.queensu.ca w310 ubuntu athena linux1 hera zeus ciscwww pinky brain
    StrictHostKeyChecking yes
    UserKnownHostsFile ~/.ssh/known_hosts.d/queensu.ca

## McGill hosts
Host *.cs.mcgill.ca
    User ryank
    StrictHostKeyChecking yes
    UserKnownHostsFile ~/.ssh/known_hosts.d/cs.mcgill.ca

## Ubuntu hosts
Host puc people.ubuntu.com
    Hostname people.ubuntu.com
    User ryanakca

## rak.ac hosts
Host hades eos
    HostName %h.rak.ac
Host zeta demeter asteria
    Hostname %h.home.arpa
Host hades hades.rak.ac hades.home.arpa
    CertificateFile ~/.ssh/keys/%L/certs/%h.pub
Host eos eos.rak.ac eos.home.arpa
    CertificateFile ~/.ssh/keys/%L/certs/%h.pub
Match final host="zeta.home.arpa,demeter.home.arpa,asteria.home.arpa"
    CertificateFile ~/.ssh/keys/%L/certs/rak.pub
Match final host="*.rak.ac,*.ryanak.ca,*.home.arpa"
    UpdateHostKeys no
    UserKnownHostsFile ~/.ssh/known_hosts.d/rak.ac
    StrictHostKeyChecking yes

## CMU hosts
Host cclub
    Hostname unix.club.cc.cmu.edu
Host whelk oyster clam
    Hostname %h.club.cc.cmu.edu
Match final host="*.club.cc.cmu.edu"
    {{- if (ne .chezmoi.os "openbsd") }}
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials yes
    GSSAPITrustDNS yes
    {{ end }}
    UserKnownHostsFile ~/.ssh/known_hosts.d/club.cc.cmu.edu
Match final host="*.andrew.cmu.edu,*.cs.cmu.edu"
    {{- if (ne .chezmoi.os "openbsd") }}
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials yes
    {{ end }}
    User rkavanag

## SDF hosts
Host faeroes.sdf.org
    ControlMaster auto
    ControlPath ~/.ssh/cm_socket/%r@%h:%p
Host sdf
    Hostname tty.sdf.org
Match final host="*.sdf.org"
    UserKnownHostsFile ~/.ssh/known_hosts.d/sdf.org
    CertificateFile ~/.ssh/keys/%L/%L-cert.pub

## Misc hosts
Host republic republic.circumlunar.space
    Hostname republic.circumlunar.space
Host telehack
    Hostname telehack.com
    User ryanakca
    Port 6668
Host tt tilde.team
    Hostname tilde.team
Host grex grex.org
    Hostname grex.org
    Ciphers aes256-gcm@openssh.com
Host rtc rawtext.club
    Hostname rawtext.club
Host *.github.com
    HostKeyAlias github-server-pool.github.com
Host rsync.net
    Hostname de1270.rsync.net
    UserKnownHostsFile ~/.ssh/known_hosts.d/rsync.net
    User de1270
Host github.com *.github.com
    # Don't spam known_hosts with github's many IPs
    # Especially given that they just use the same key
    # everywhere (contrary to best practices)
    CheckHostIp no
    StrictHostKeyChecking yes

## Global defaults
Host *
    ForwardX11 no
    CertificateFile ~/.ssh/keys/%L/certs/rak.pub

# vim: set ft=sshconfig: