view .ssh/config @ 222:27bc245f4194

Keep yourself alive
author Steve Huston <huston@astro.princeton.edu>
date Wed, 26 May 2021 15:55:48 -0400
parents 81d5d7484f31
children 2b3e169f8182

# Host-specific things at the top, and get less specific as you go; first
# match wins

# Turn things off for floyd - it doesn't need them.
# ssh keeps the first value it obtains for each option, so these "no" settings
# take precedence over anything set further down. That matters for the short
# name: "floyd-mgmt" contains no dot, so without this stanza it would reach the
# final "Host *" block and get agent and X11 forwarding switched on.
Host floyd-mgmt floyd-mgmt.astro.internal
  ForwardAgent no
  ForwardX11 no
  ForwardX11Trusted no

# If we're not on the Princeton wired network, csesbh2 should proxy through
# xanadu.
# "Match ... exec" runs the quoted command under the user's shell when ssh
# evaluates this file for csesbh2; the stanza applies only if it exits 0.
# ~/.ssh/onsubnet is a local helper that is not part of this file - presumably
# "--not 128.112." succeeds when no local address starts with 128.112.
# (TODO confirm against the script). Keep that script writable only by its
# owner, since it is executed on every connection to this host.
Match host csesbh2.princeton.edu exec "~/.ssh/onsubnet --not 128.112."
  ProxyJump xanadu.astro.princeton.edu

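# If we're not on Princeton wired network, and not at home, then connections
# to joshua should tunnel through xanadu.
# The public-IP lookup uses HTTPS and a timeout: curl falls back to plain HTTP
# when no scheme is given, so the reply could be altered on the network path,
# and without a timeout an unreachable lookup service stalls every ssh to this
# host. A failed lookup produces an empty string, which counts as "not home",
# so the connection still goes through the jump host.
# Note: [[ ]] needs a bash-like shell; ssh runs this under the user's shell.
Match host joshua.srhuston.net exec "~/.ssh/onsubnet --not 128.112. && [[ `curl -s --max-time 5 https://checkip.amazonaws.com` != 100.11.40.19 ]]"
  ProxyJump xanadu.astro.princeton.edu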

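# But if we *are* home, convert joshua into its internal IP address.
# This stanza rewrites the destination purely on the reported public IP, so the
# lookup is made over HTTPS (curl would otherwise default to unauthenticated
# HTTP) and bounded by a timeout. Host-key verification for 192.168.7.49 is
# still what prevents talking to a different machine at that private address;
# agent forwarding is enabled for this name further down, so an unexpected
# host-key prompt or mismatch here should be treated as a stop sign.
Match host joshua.srhuston.net exec "test `curl -s --max-time 5 https://checkip.amazonaws.com` == 100.11.40.19"
  HostName 192.168.7.49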

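# Some "local" hosts, rather than configuring DNS or hosts files.
# Each alias maps to a private address only when the public IP says we are at
# home. The lookup is made over HTTPS with a timeout, because curl defaults to
# plain HTTP when no scheme is given and an on-path party could then supply the
# expected answer. These are dot-less names, so they also pick up the
# forwarding settings of the final "Host *" block; verify host keys for the
# 192.168.7.x addresses rather than accepting a changed key.
Match host milton exec "test `curl -s --max-time 5 https://checkip.amazonaws.com` == 100.11.40.19"
  HostName 192.168.7.56

Match host syrinx exec "test `curl -s --max-time 5 https://checkip.amazonaws.com` == 100.11.40.19"
  HostName 192.168.7.109

Match host aprs exec "test `curl -s --max-time 5 https://checkip.amazonaws.com` == 100.11.40.19"
  HostName 192.168.7.57
  User pi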

# Shared connection for xanadu, csesbh2, and joshua.
# The first ssh to one of these hosts becomes the multiplexing master and later
# sessions reuse it through the control socket without authenticating again.
Host xanadu.astro.princeton.edu csesbh2.princeton.edu joshua.srhuston.net
  User huston
  ControlMaster auto
  # "yes" keeps the master running in the background with no idle timeout, so
  # the authenticated connection outlives the session that opened it. Close it
  # explicitly with "ssh -O exit <host>" when it is no longer wanted.
  ControlPersist yes
  # %C is a hash of the connection parameters, giving one socket per target.
  # Whoever can open this socket can start sessions on the remote host, so
  # ~/.ssh/sockets should exist with mode 0700.
  ControlPath ~/.ssh/sockets/%C
  # Send a keepalive through the encrypted channel after 30 s of silence.
  ServerAliveInterval 30
  # This is the default, putting here to document: three unanswered keepalives
  # (about 90 s with the interval above) and ssh drops the connection.
  ServerAliveCountMax 3

# Everything is fine for the Raspberry Pi, just need a different user.
# This stanza has to come before the "*.srhuston.net" and "Host *" blocks so
# that "User pi" is obtained first; those later blocks would set "huston".
# The forwarding options repeat what the later blocks grant anyway. With
# ForwardAgent on, anyone with sufficient privileges on the Pi can use the
# forwarded agent for as long as the session is open.
Host cake cake.srhuston.net
  User pi
  ForwardAgent yes
  ForwardX11 yes
  ForwardX11Trusted yes

# Allow everything for CSES, astro, local, and home hosts w/ FQDN.
# These patterns are compared with the name as typed on the command line, and
# this block must stay above "Host *.*" because the first value obtained wins.
# Trust implications of the settings below:
#  - ForwardAgent lets a privileged user on the remote host use the local
#    agent's keys while the connection is open.
#  - ForwardX11Trusted gives remote X clients full access to the local display
#    instead of the restricted "untrusted" mode.
#  - "*.local" names are normally resolved by mDNS on whatever network the
#    client is attached to, so the host key is the only thing tying such a name
#    to a known machine (NOTE(review): confirm this is intended off-site).
Host cses*.princeton.edu *.rc.princeton.edu *.rc *.astro.princeton.edu *.srhuston.net *.local
  User huston
  ForwardAgent yes
  ForwardX11 yes
  ForwardX11Trusted yes
  ServerAliveInterval 30

# Deny everything for other hosts w/ a dot.
# Any dotted name not matched by an earlier stanza lands here, which includes
# IPv4 literals. Setting the options to "no" here stops the final "Host *"
# block from enabling them. Names without a dot - bare hostnames and IPv6
# literals - are not covered by this pattern.
Host *.*
  ForwardAgent no
  ForwardX11 no
  ForwardX11Trusted no

# Now allow for anything else - if we're typing a single hostname, it's likely
# trusted.
# Only options not already obtained from an earlier stanza take effect here, so
# in practice this applies to names without a dot.
# Caveat: "no dot" is a heuristic, not a trust check. IPv6 literals and short
# names completed by the resolver search list or a hosts file also arrive here
# with agent and trusted X11 forwarding enabled. Use "ssh -a -x <host>" to turn
# both off for a single connection to a host that should not receive them.
Host *
  User huston
  ForwardAgent yes
  ForwardX11 yes
  ForwardX11Trusted yes
  ServerAliveInterval 30