openbsd openssh does't support gssapi*, template it out

1 files changed, 115 insertions, 0 deletions

diff --git a/private_dot_ssh/config.tmpl b/private_dot_ssh/config.tmpl
new file mode 100644
index 0000000..b7117af
--- /dev/null
+++ b/private_dot_ssh/config.tmpl
@@ -0,0 +1,115 @@
+HashKnownHosts no
+VisualHostKey yes
+CheckHostIP yes
+NoHostAuthenticationForLocalhost yes
+
+## Debian hosts
+Host master
+    Hostname %h.debian.org
+Host *.debian.org master !*.ssh.debian.org !ssh.debian.org
+    ProxyJump ssh.debian.org
+Match final host="*.debian.org"
+    UserKnownHostsFile ~/.ssh/known_hosts.d/debian
+
+## QueensU hosts
+Host pinky brain
+    HostName %h.cs.queensu.ca
+Host linux1 hera zeus
+    HostName %h.caslab.queensu.ca
+Host *.caslab.queensu.ca w310 ubuntu athena linux1 hera zeus
+    User ryankca
+Host *.cs.queensu.ca ciscwww pinky brain
+    User ryan
+Host *.queensu.ca w310 ubuntu athena linux1 hera zeus ciscwww pinky brain
+    StrictHostKeyChecking yes
+    UserKnownHostsFile ~/.ssh/known_hosts.d/queensu.ca
+
+## McGill hosts
+Host *.cs.mcgill.ca
+    User ryank
+    StrictHostKeyChecking yes
+    UserKnownHostsFile ~/.ssh/known_hosts.d/cs.mcgill.ca
+
+## Ubuntu hosts
+Host puc people.ubuntu.com
+    Hostname people.ubuntu.com
+    User ryanakca
+
+## rak.ac hosts
+Host hades eos
+    HostName %h.rak.ac
+Host zeta demeter asteria
+    Hostname %h.home.arpa
+Host hades hades.rak.ac hades.home.arpa
+    CertificateFile ~/.ssh/keys/%L/certs/%h.pub
+Host eos eos.rak.ac eos.home.arpa
+    CertificateFile ~/.ssh/keys/%L/certs/%h.pub
+Match final host="zeta.home.arpa,demeter.home.arpa,asteria.home.arpa"
+    CertificateFile ~/.ssh/keys/%L/certs/rak.pub
+Match final host="*.rak.ac,*.ryanak.ca,*.home.arpa"
+    UpdateHostKeys no
+    UserKnownHostsFile ~/.ssh/known_hosts.d/rak.ac
+    StrictHostKeyChecking yes
+
+## CMU hosts
+Host cclub
+    Hostname unix.club.cc.cmu.edu
+Host whelk oyster clam
+    Hostname %h.club.cc.cmu.edu
+Match final host="*.club.cc.cmu.edu"
+    {{- if (ne .chezmoi.os "openbsd") }}
+    GSSAPIAuthentication yes
+    GSSAPIDelegateCredentials yes
+    GSSAPITrustDNS yes
+    {{ end }}
+    UserKnownHostsFile ~/.ssh/known_hosts.d/club.cc.cmu.edu
+Match final host="*.andrew.cmu.edu,*.cs.cmu.edu"
+    {{- if (ne .chezmoi.os "openbsd") }}
+    GSSAPIAuthentication yes
+    GSSAPIDelegateCredentials yes
+    {{ end }}
+    User rkavanag
+
+## SDF hosts
+Host faeroes.sdf.org
+    ControlMaster auto
+    ControlPath ~/.ssh/cm_socket/%r@%h:%p
+Host sdf
+    Hostname tty.sdf.org
+Match final host="*.sdf.org"
+    UserKnownHostsFile ~/.ssh/known_hosts.d/sdf.org
+    CertificateFile ~/.ssh/keys/%L/%L-cert.pub
+
+## Misc hosts
+Host republic republic.circumlunar.space
+    Hostname republic.circumlunar.space
+Host telehack
+    Hostname telehack.com
+    User ryanakca
+    Port 6668
+Host tt tilde.team
+    Hostname tilde.team
+Host grex grex.org
+    Hostname grex.org
+    Ciphers aes256-gcm@openssh.com
+Host rtc rawtext.club
+    Hostname rawtext.club
+Host *.github.com
+    HostKeyAlias github-server-pool.github.com
+Host rsync.net
+    Hostname de1270.rsync.net
+    UserKnownHostsFile ~/.ssh/known_hosts.d/rsync.net
+    User de1270
+Host github.com *.github.com
+    # Don't spam known_hosts with github's many IPs
+    # Especially given that they just use the same key
+    # everywhere (contrary to best practices)
+    CheckHostIp no
+    StrictHostKeyChecking yes
+
+## Global defaults
+Host *
+    ForwardX11 no
+    CertificateFile ~/.ssh/keys/%L/certs/rak.pub
+
+# vim: set ft=sshconfig: