view .ssh/config @ 280:5140712f8bd6

Config for new joshua host's IP, probably easier to get used to a new IP than move them around
author Steve Huston <huston@srhuston.net>
date Sun, 07 Jul 2024 22:51:55 -0400
parents df0b24d4fabd
children 1becad4fc13d

# Host-specific things at the top, and get less specific as you go; for each
# option, the first value obtained from a matching stanza wins

# Turn things off for floyd - it doesn't need them
# And with RHEL8 it got worse, this thing needs to be retired...
#
# The leading "+" appends each legacy algorithm to ssh's default list rather
# than replacing the list, and because the options sit under this Host line
# they are only offered when the name typed is one of the three floyd aliases.
# group1-sha1 key exchange, DSA (ssh-dss) keys and 3des-cbc are all off by
# default in current OpenSSH because they are weak; keep them confined here
# and never move them into a wildcard stanza.
# NOTE(review): newer OpenSSH releases have been removing DSA support
# altogether, so the ssh-dss lines may stop working after a client upgrade -
# confirm against the installed version.
Host floyd floyd-mgmt floyd-mgmt.astro.internal
  HostName floyd-mgmt
  ForwardAgent no
  ForwardX11 no
  ForwardX11Trusted no
  # Offer only the identity file named below, not every key the agent holds
  IdentitiesOnly yes
  IdentityFile ~/.ssh/old/dsa2.pvt
  KexAlgorithms +diffie-hellman-group1-sha1
  HostKeyAlgorithms +ssh-dss
  # PubkeyAcceptedKeyTypes is the older spelling of PubkeyAcceptedAlgorithms;
  # newer clients still accept it as an alias
  PubkeyAcceptedKeyTypes +ssh-dss
  Ciphers +3des-cbc

# If we're not on the Princeton wired network, csesbh2 should proxy through
# xanadu
#
# "exec" runs the quoted command under the local user's shell, and the stanza
# applies only when that command exits 0.
# NOTE(review): onsubnet is not shown here; presumably "--not 128.112."
# succeeds when no local address starts with that prefix - confirm.  ssh runs
# the script automatically, so it should be writable only by its owner.
Match host csesbh2.princeton.edu exec "~/.ssh/onsubnet --not 128.112."
  ProxyJump xanadu.astro.princeton.edu

# If we're not on Princeton wired network, and not at home, then connections
# to joshua should tunnel through xanadu
#
# The whole quoted string goes to the local shell, so "&&" means both helper
# scripts must exit 0 for the ProxyJump to apply.
# NOTE(review): neither helper is shown here; keep both writable only by
# their owner, since ssh executes them automatically.
Match host joshua.srhuston.net exec "~/.ssh/onsubnet --not 128.112. && ~/.ssh/athome --not"
  ProxyJump xanadu.astro.princeton.edu

# But if we *are* home, convert joshua into its internal IP address
#
# NOTE(review): with HostName rewritten to an address, the host key is looked
# up under 192.168.7.49 rather than under the joshua name; a HostKeyAlias line
# would keep it pinned to the name.  192.168.7.x is a private range that also
# exists on other networks, so host-key verification is the safeguard if
# athome ever succeeds somewhere that is not home - treat a changed-key
# warning for this address as a real alarm.
Match host joshua.srhuston.net exec "~/.ssh/athome"
  HostName 192.168.7.49

# New joshua host on the N100
#
# Only this stanza sets HostName for newjoshua, so when athome does not exit 0
# the bare name is resolved as typed.  The name has no dot, so it picks up the
# forwarding settings from the "Host *" stanza at the bottom of this file.
# NOTE(review): the host key is stored under the address, not the name;
# consider HostKeyAlias so the key stays tied to "newjoshua".
Match host newjoshua exec "~/.ssh/athome"
  HostName 192.168.7.252

# Some "local" hosts, rather than configuring DNS or hosts files
#
# Each stanza maps a short name to a fixed private address, but only while
# athome exits 0; away from home the short name is resolved as typed.
# NOTE(review): these are single-label names, so they also pick up agent and
# X11 forwarding from the "Host *" stanza at the bottom - host-key
# verification is the only check that the address really is the intended box.
Match host milton exec "~/.ssh/athome"
  HostName 192.168.7.56

Match host syrinx exec "~/.ssh/athome"
  HostName 192.168.7.109

Match host aprs exec "~/.ssh/athome"
  HostName 192.168.7.57
  # Set here first, so the "User huston" in later stanzas does not apply
  User pi

# Shared connection for xanadu, csesbh2, and joshua
# Including w2zq too, though I don't usually want those to stick around -
# they'll get canceled when the proxy use is finished
#
# ControlMaster auto reuses an existing master socket or creates one, and
# ControlPersist yes leaves that master running in the background with no
# idle timeout.  Anything that can open the socket gets new sessions on the
# remote host without authenticating again, so ~/.ssh/sockets should be
# mode 0700.
# NOTE(review): a time value for ControlPersist would bound how long an idle
# authenticated channel stays open.
Host xanadu.astro.princeton.edu csesbh2.princeton.edu joshua.srhuston.net w2zq.mywire.org
  User huston
  ControlMaster auto
  ControlPersist yes
  # %C is a hash of the connection parameters (local host, remote host, port,
  # user), giving one short socket name per destination
  ControlPath ~/.ssh/sockets/%C
  # Probe the server after 30 seconds of silence
  ServerAliveInterval 30
  # This is the default, putting here to document
  # (three unanswered probes, roughly 90 seconds, then ssh disconnects)
  ServerAliveCountMax 3

# Everything is fine for the Raspberry Pi, just need a different user
#
# ForwardAgent yes lets anyone with root on the remote host use the forwarded
# agent to authenticate as you for as long as the session is open (the keys
# themselves stay local).  ForwardX11Trusted yes gives remote X11 clients full
# access to the local display.  Both are reasonable only if the Pi is trusted
# as much as this machine.
Host cake cake.srhuston.net
  User pi
  ForwardAgent yes
  ForwardX11 yes
  ForwardX11Trusted yes

# Allow everything for CSES, astro, local, and home hosts w/ FQDN
#
# Host patterns are compared with the name typed on the command line.  This
# stanza sits above "Host *.*" so that these domains get forwarding before the
# deny stanza can set it to "no".
# NOTE(review): agent and trusted X11 forwarding extend trust to every host
# matching these patterns, including any *.local name answered on whatever
# network the machine is attached to; for plain hops ProxyJump avoids exposing
# the agent at all.
Host cses*.princeton.edu *.rc.princeton.edu *.rc *.astro.princeton.edu *.srhuston.net *.local
  User huston
  ForwardAgent yes
  ForwardX11 yes
  ForwardX11Trusted yes
  ServerAliveInterval 30

# Deny everything for other hosts w/ a dot
#
# These values only take effect for names that no earlier stanza has already
# given a forwarding setting, so this must stay below every "allow" stanza and
# above "Host *".  Dotted IPv4 addresses typed directly also match here.
Host *.*
  ForwardAgent no
  ForwardX11 no
  ForwardX11Trusted no

# Now allow for anything else - if we're typing a single hostname, it's likely
# trusted.
#
# Everything without a dot ends up here, not just known short names: a
# mistyped name, a name completed by the resolver's search domain, and an IPv6
# literal all lack a dot and so receive agent and trusted X11 forwarding.
# NOTE(review): a safer default is "no" in this stanza with the trusted short
# names listed in their own Host line above it - confirm that fits how the
# short names are used.
Host *
  User huston
  ForwardAgent yes
  ForwardX11 yes
  ForwardX11Trusted yes
  ServerAliveInterval 30