author | Mike Crute <mike@crute.us> | 2023-08-28 08:10:10 -0700 |
---|---|---|
committer | Mike Crute <mike@crute.us> | 2023-08-28 08:10:10 -0700 |
commit | d73f7b86b266c60c605a1787f5e99ffc5619cd51 (patch) | |
tree | df6178849476a43411f55df8f40c7deecf0d32ae | |
parent | b005527a86c4c828efeb6188379cccc98d6eb327 (diff) | |
Re-order SSH config to be less binding
-rw-r--r-- | .ssh/config | 44 |
1 files changed, 25 insertions, 19 deletions
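--- a/.ssh/config
+++ b/.ssh/config
@@ -1,24 +1,5 @@
 # vim:ft=sshconfig:
 
-ServerAliveInterval 60
-ConnectTimeout 10
-ConnectionAttempts 10
-HashKnownHosts yes
-
-# Don't offer all agent identities to each host. Requires a matching
-# Host with one or more IdentityFile options specified. These can be
-# a private key or a public key that the agent holds.
-IdentitiesOnly yes
-
-# Allow SSH-RSA keys for now since so many things (especially network
-# and datacenter gear) still want them and Fedora has disabled them by
-# default.
-PubkeyAcceptedKeyTypes +ssh-rsa
-HostKeyAlgorithms +ssh-rsa
-
-# Would be nice to one day publish public keys in DNS, but for now this
-# just slows down connections and most hosts aren't published.
-#VerifyHostKeyDNS yes
 
 Host mcrute-virt mcrute-virt.sea1.crute.me
 User mcrute
@@ -43,3 +24,28 @@ Host github.com
 
 Host gitlab.alpinelinux.org
 IdentityFile ~/.ssh/id_rsa.home.pub
+
+Host *
+ServerAliveInterval 60
+ConnectTimeout 10
+ConnectionAttempts 10
+HashKnownHosts yes
+
+# Don't offer all agent identities to each host. Requires a matching
+# Host with one or more IdentityFile options specified. These can be
+# a private key or a public key that the agent holds.
+#
+# But... this breaks the ProxyCommand that relies on certificates. Not
+# sure how to remedy that.
+#
+IdentitiesOnly yes
+
+# Allow SSH-RSA keys for now since so many things (especially network
+# and datacenter gear) still want them and Fedora has disabled them by
+# default.
+PubkeyAcceptedKeyTypes +ssh-rsa
+HostKeyAlgorithms +ssh-rsa
+
+# Would be nice to one day publish public keys in DNS, but for now this
+# just slows down connections and most hosts aren't published.
+#VerifyHostKeyDNS yes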
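Review bot: The `PubkeyAcceptedKeyTypes +ssh-rsa` and `HostKeyAlgorithms +ssh-rsa` lines in the new trailing `Host *` block keep SHA-1 RSA signatures accepted for every destination, including the Git forges listed above, not only the network and datacenter gear the comment names. Because ssh_config uses the first value obtained for each option and the catch-all is now last, both lines could move into a dedicated block for the legacy devices placed above it, e.g. `Host <legacy-gear-pattern>` followed by the two options, leaving other hosts on the distribution defaults. The same ordering may also answer the open question in the `IdentitiesOnly` comment: a block matching the certificate-based proxy hosts could set `IdentitiesOnly no`, or name the certificate with `CertificateFile`, ahead of `Host *`; whether that fits depends on the ProxyCommand, which is not visible in this diff. `PubkeyAcceptedKeyTypes` is also the older spelling of `PubkeyAcceptedAlgorithms`, so a short comment saying why the old name is kept would help.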