Re-order SSH config to be less binding

1 files changed, 25 insertions, 19 deletions

diff --git a/.ssh/config b/.ssh/config
index c4afd33..6e3089e 100644
--- a/.ssh/config
+++ b/.ssh/config
@@ -1,24 +1,5 @@
 # vim:ft=sshconfig:
 
-ServerAliveInterval 60
-ConnectTimeout 10
-ConnectionAttempts 10
-HashKnownHosts yes
-
-# Don't offer all agent identities to each host. Requires a matching
-# Host with one or more IdentityFile options specified. These can be
-# a private key or a public key that the agent holds.
-IdentitiesOnly yes
-
-# Allow SSH-RSA keys for now since so many things (especially network
-# and datacenter gear) still want them and Fedora has disabled them by
-# default.
-PubkeyAcceptedKeyTypes +ssh-rsa
-HostKeyAlgorithms +ssh-rsa
-
-# Would be nice to one day publish public keys in DNS, but for now this
-# just slows down connections and most hosts aren't published.
-#VerifyHostKeyDNS yes
 
 Host mcrute-virt mcrute-virt.sea1.crute.me
     User mcrute
@@ -43,3 +24,28 @@ Host github.com
 
 Host gitlab.alpinelinux.org
     IdentityFile ~/.ssh/id_rsa.home.pub
+
+Host *
+    ServerAliveInterval 60
+    ConnectTimeout 10
+    ConnectionAttempts 10
+    HashKnownHosts yes
+
+    # Don't offer all agent identities to each host. Requires a matching
+    # Host with one or more IdentityFile options specified. These can be
+    # a private key or a public key that the agent holds.
+    #
+    # But... this breaks the ProxyCommand that relies on certificates. Not
+    # sure how to remedy that.
+    #
+    IdentitiesOnly yes
+
+    # Allow SSH-RSA keys for now since so many things (especially network
+    # and datacenter gear) still want them and Fedora has disabled them by
+    # default.
+    PubkeyAcceptedKeyTypes +ssh-rsa
+    HostKeyAlgorithms +ssh-rsa
+
+    # Would be nice to one day publish public keys in DNS, but for now this
+    # just slows down connections and most hosts aren't published.
+    #VerifyHostKeyDNS yes