From cffc290e674c06e1263641a87bb9a04a5217d7a7 Mon Sep 17 00:00:00 2001 From: Ryan Kavanagh Date: Fri, 17 Dec 2021 15:33:26 -0500 Subject: openbsd openssh does't support gssapi*, template it out --- private_dot_ssh/config | 111 ------------------------------------------ private_dot_ssh/config.tmpl | 115 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 115 insertions(+), 111 deletions(-) delete mode 100644 private_dot_ssh/config create mode 100644 private_dot_ssh/config.tmpl diff --git a/private_dot_ssh/config b/private_dot_ssh/config deleted file mode 100644 index a9ef846..0000000 --- a/private_dot_ssh/config +++ /dev/null @@ -1,111 +0,0 @@ -HashKnownHosts no -VisualHostKey yes -CheckHostIP yes -NoHostAuthenticationForLocalhost yes - -## Debian hosts -Host master - Hostname %h.debian.org -Host *.debian.org master !*.ssh.debian.org !ssh.debian.org - ProxyJump ssh.debian.org -Match final host="*.debian.org" - UserKnownHostsFile ~/.ssh/known_hosts.d/debian - -## QueensU hosts -Host pinky brain - HostName %h.cs.queensu.ca -Host linux1 hera zeus - HostName %h.caslab.queensu.ca -Host *.caslab.queensu.ca w310 ubuntu athena linux1 hera zeus - User ryankca -Host *.cs.queensu.ca ciscwww pinky brain - User ryan -Host *.queensu.ca w310 ubuntu athena linux1 hera zeus ciscwww pinky brain - StrictHostKeyChecking yes - UserKnownHostsFile ~/.ssh/known_hosts.d/queensu.ca - -## McGill hosts -Host *.cs.mcgill.ca - User ryank - StrictHostKeyChecking yes - UserKnownHostsFile ~/.ssh/known_hosts.d/cs.mcgill.ca - -## Ubuntu hosts -Host puc people.ubuntu.com - Hostname people.ubuntu.com - User ryanakca - -## rak.ac hosts -Host hades eos - HostName %h.rak.ac -Host zeta demeter asteria - Hostname %h.home.arpa -Host hades hades.rak.ac hades.home.arpa - CertificateFile ~/.ssh/keys/%L/certs/%h.pub -Host eos eos.rak.ac eos.home.arpa - CertificateFile ~/.ssh/keys/%L/certs/%h.pub -Match final host="zeta.home.arpa,demeter.home.arpa,asteria.home.arpa" - CertificateFile ~/.ssh/keys/%L/certs/rak.pub -Match final host="*.rak.ac,*.ryanak.ca,*.home.arpa" - UpdateHostKeys no - UserKnownHostsFile ~/.ssh/known_hosts.d/rak.ac - StrictHostKeyChecking yes - -## CMU hosts -Host cclub - Hostname unix.club.cc.cmu.edu -Host whelk oyster clam - Hostname %h.club.cc.cmu.edu -Match final host="*.club.cc.cmu.edu" - GSSAPIAuthentication yes - GSSAPIDelegateCredentials yes - GSSAPITrustDNS yes - UserKnownHostsFile ~/.ssh/known_hosts.d/club.cc.cmu.edu -Match final host="*.andrew.cmu.edu,*.cs.cmu.edu" - GSSAPIAuthentication yes - GSSAPIDelegateCredentials yes - User rkavanag - -## SDF hosts -Host faeroes.sdf.org - ControlMaster auto - ControlPath ~/.ssh/cm_socket/%r@%h:%p -Host sdf - Hostname tty.sdf.org -Match final host="*.sdf.org" - UserKnownHostsFile ~/.ssh/known_hosts.d/sdf.org - CertificateFile ~/.ssh/keys/%L/%L-cert.pub - -## Misc hosts -Host republic republic.circumlunar.space - Hostname republic.circumlunar.space -Host telehack - Hostname telehack.com - User ryanakca - Port 6668 -Host tt tilde.team - Hostname tilde.team -Host grex grex.org - Hostname grex.org - Ciphers aes256-gcm@openssh.com -Host rtc rawtext.club - Hostname rawtext.club -Host *.github.com - HostKeyAlias github-server-pool.github.com -Host rsync.net - Hostname de1270.rsync.net - UserKnownHostsFile ~/.ssh/known_hosts.d/rsync.net - User de1270 -Host github.com *.github.com - # Don't spam known_hosts with github's many IPs - # Especially given that they just use the same key - # everywhere (contrary to best practices) - CheckHostIp no - StrictHostKeyChecking yes - -## Global defaults -Host * - ForwardX11 no - CertificateFile ~/.ssh/keys/%L/certs/rak.pub - -# vim: set ft=sshconfig: diff --git a/private_dot_ssh/config.tmpl b/private_dot_ssh/config.tmpl new file mode 100644 index 0000000..b7117af --- /dev/null +++ b/private_dot_ssh/config.tmpl @@ -0,0 +1,115 @@ +HashKnownHosts no +VisualHostKey yes +CheckHostIP yes +NoHostAuthenticationForLocalhost yes + +## Debian hosts +Host master + Hostname %h.debian.org +Host *.debian.org master !*.ssh.debian.org !ssh.debian.org + ProxyJump ssh.debian.org +Match final host="*.debian.org" + UserKnownHostsFile ~/.ssh/known_hosts.d/debian + +## QueensU hosts +Host pinky brain + HostName %h.cs.queensu.ca +Host linux1 hera zeus + HostName %h.caslab.queensu.ca +Host *.caslab.queensu.ca w310 ubuntu athena linux1 hera zeus + User ryankca +Host *.cs.queensu.ca ciscwww pinky brain + User ryan +Host *.queensu.ca w310 ubuntu athena linux1 hera zeus ciscwww pinky brain + StrictHostKeyChecking yes + UserKnownHostsFile ~/.ssh/known_hosts.d/queensu.ca + +## McGill hosts +Host *.cs.mcgill.ca + User ryank + StrictHostKeyChecking yes + UserKnownHostsFile ~/.ssh/known_hosts.d/cs.mcgill.ca + +## Ubuntu hosts +Host puc people.ubuntu.com + Hostname people.ubuntu.com + User ryanakca + +## rak.ac hosts +Host hades eos + HostName %h.rak.ac +Host zeta demeter asteria + Hostname %h.home.arpa +Host hades hades.rak.ac hades.home.arpa + CertificateFile ~/.ssh/keys/%L/certs/%h.pub +Host eos eos.rak.ac eos.home.arpa + CertificateFile ~/.ssh/keys/%L/certs/%h.pub +Match final host="zeta.home.arpa,demeter.home.arpa,asteria.home.arpa" + CertificateFile ~/.ssh/keys/%L/certs/rak.pub +Match final host="*.rak.ac,*.ryanak.ca,*.home.arpa" + UpdateHostKeys no + UserKnownHostsFile ~/.ssh/known_hosts.d/rak.ac + StrictHostKeyChecking yes + +## CMU hosts +Host cclub + Hostname unix.club.cc.cmu.edu +Host whelk oyster clam + Hostname %h.club.cc.cmu.edu +Match final host="*.club.cc.cmu.edu" + {{- if (ne .chezmoi.os "openbsd") }} + GSSAPIAuthentication yes + GSSAPIDelegateCredentials yes + GSSAPITrustDNS yes + {{ end }} + UserKnownHostsFile ~/.ssh/known_hosts.d/club.cc.cmu.edu +Match final host="*.andrew.cmu.edu,*.cs.cmu.edu" + {{- if (ne .chezmoi.os "openbsd") }} + GSSAPIAuthentication yes + GSSAPIDelegateCredentials yes + {{ end }} + User rkavanag + +## SDF hosts +Host faeroes.sdf.org + ControlMaster auto + ControlPath ~/.ssh/cm_socket/%r@%h:%p +Host sdf + Hostname tty.sdf.org +Match final host="*.sdf.org" + UserKnownHostsFile ~/.ssh/known_hosts.d/sdf.org + CertificateFile ~/.ssh/keys/%L/%L-cert.pub + +## Misc hosts +Host republic republic.circumlunar.space + Hostname republic.circumlunar.space +Host telehack + Hostname telehack.com + User ryanakca + Port 6668 +Host tt tilde.team + Hostname tilde.team +Host grex grex.org + Hostname grex.org + Ciphers aes256-gcm@openssh.com +Host rtc rawtext.club + Hostname rawtext.club +Host *.github.com + HostKeyAlias github-server-pool.github.com +Host rsync.net + Hostname de1270.rsync.net + UserKnownHostsFile ~/.ssh/known_hosts.d/rsync.net + User de1270 +Host github.com *.github.com + # Don't spam known_hosts with github's many IPs + # Especially given that they just use the same key + # everywhere (contrary to best practices) + CheckHostIp no + StrictHostKeyChecking yes + +## Global defaults +Host * + ForwardX11 no + CertificateFile ~/.ssh/keys/%L/certs/rak.pub + +# vim: set ft=sshconfig: -- cgit v1.2.3