view .ssh/config @ 264:bb69763716a7

Buncha changes for floyd thanks to RHEL8
author Steve Huston <huston@princeton.edu>
date Thu, 18 Apr 2024 13:37:00 -0400
parents 2b3e169f8182
children df0b24d4fabd

# Host-specific things at the top, and get less specific as you go; for each
# option, the first value ssh obtains wins

# Turn things off for floyd - it doesn't need them
# And with RHEL8 it got worse, this thing needs to be retired...
# The "+" prefix appends each legacy algorithm to the client's default list
# for this host only, instead of replacing the list. Keep these lines scoped
# to floyd; under a wildcard Host they would weaken every connection.
# NOTE(review): diffie-hellman-group1-sha1, ssh-dss and 3des-cbc are off by
# default in current OpenSSH because they are weak, and newer OpenSSH
# releases drop DSA support altogether, so this stanza can stop working
# after a client upgrade - one more reason to retire the host.
Host floyd floyd-mgmt floyd-mgmt.astro.internal
  HostName floyd-mgmt
  ForwardAgent no
  ForwardX11 no
  ForwardX11Trusted no
  # Offer only the identity file below, not every key the agent holds
  IdentitiesOnly yes
  # NOTE(review): the file name suggests an old DSA key - confirm it is
  # authorized on floyd and nowhere else
  IdentityFile ~/.ssh/old/dsa2.pvt
  KexAlgorithms +diffie-hellman-group1-sha1
  HostKeyAlgorithms +ssh-dss
  # PubkeyAcceptedKeyTypes is the older name of PubkeyAcceptedAlgorithms
  PubkeyAcceptedKeyTypes +ssh-dss
  Ciphers +3des-cbc

# If we're not on the Princeton wired network, csesbh2 should proxy through
# xanadu
# Match exec runs the quoted command under the user's shell whenever ssh
# evaluates this line for csesbh2; the stanza applies only if it exits 0.
# ~/.ssh/onsubnet is a local helper not shown here - presumably "--not
# 128.112." succeeds when no local address starts with that prefix; confirm
# against the script. Because it is executed on every connection, the script
# should be writable only by its owner.
Match host csesbh2.princeton.edu exec "~/.ssh/onsubnet --not 128.112."
  ProxyJump xanadu.astro.princeton.edu

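# If we're not on Princeton wired network, and not at home, then connections
# to joshua should tunnel through xanadu
# "At home" means the public address reported by checkip.amazonaws.com equals
# the home address. The lookup is made over HTTPS so the reply is
# authenticated by TLS; with a bare host name curl would use plain HTTP and
# the answer could be altered by the local network.
# [[ ]] needs the user's shell (which runs Match exec) to be bash or similar.
# NOTE(review): if curl prints nothing, the [[ ]] expression is presumably
# rejected by the shell, the Match fails and no ProxyJump is applied.
Match host joshua.srhuston.net exec "~/.ssh/onsubnet --not 128.112. && [[ `curl -s https://checkip.amazonaws.com` != 100.11.40.19 ]]"
  ProxyJump xanadu.astro.princeton.edu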

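# But if we *are* home, convert joshua into its internal IP address
# The home check asks checkip.amazonaws.com for our public address. Fetch it
# over HTTPS so the reply is authenticated before it is allowed to redirect
# this name to a LAN address; a bare host name would make curl use plain
# HTTP.
# NOTE(review): "==" inside test is a bash extension, so this relies on the
# user's shell accepting it.
Match host joshua.srhuston.net exec "test `curl -s https://checkip.amazonaws.com` == 100.11.40.19"
  HostName 192.168.7.49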

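# Some "local" hosts, rather than configuring DNS or hosts files
# Each short name is mapped to a 192.168.7.x address only when the public
# address reported by checkip.amazonaws.com is the home address. The lookup
# uses HTTPS so the reply is authenticated; a bare host name would make curl
# use plain HTTP, and a forged reply would point these names at whatever
# holds the same private address on the current network.
# These names contain no dot, so they also pick up the "Host *" defaults at
# the bottom of the file (agent and trusted X11 forwarding on). Host key
# checking for the 192.168.7.x addresses is what confirms the right machine
# answered - do not relax it for them.
# NOTE(review): "==" inside test is a bash extension, so this relies on the
# user's shell accepting it.
Match host milton exec "test `curl -s https://checkip.amazonaws.com` == 100.11.40.19"
  HostName 192.168.7.56

Match host syrinx exec "test `curl -s https://checkip.amazonaws.com` == 100.11.40.19"
  HostName 192.168.7.109

Match host aprs exec "test `curl -s https://checkip.amazonaws.com` == 100.11.40.19"
  HostName 192.168.7.57
  User pi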
  User pi

# Shared connection for xanadu, csesbh2, and joshua
# Including w2zq too, though I don't usually want those to stick around -
# they'll get canceled when the proxy use is finished
# ControlMaster auto reuses an existing master socket or creates one;
# ControlPersist yes leaves the master running in the background with no
# timeout after the first client exits (close it with "ssh -O exit").
# Any process that can open the socket gets sessions on the remote host
# without authenticating again, so ~/.ssh/sockets should be mode 0700.
# NOTE(review): consider a time value for ControlPersist instead of "yes" so
# idle authenticated connections do not stay open indefinitely.
Host xanadu.astro.princeton.edu csesbh2.princeton.edu joshua.srhuston.net w2zq.mywire.org
  User huston
  ControlMaster auto
  ControlPersist yes
  # %C is a hash of the connection parameters, giving one socket per target
  ControlPath ~/.ssh/sockets/%C
  # Send a keepalive through the encrypted channel after 30s of silence
  ServerAliveInterval 30
  # This is the default, putting here to document
  ServerAliveCountMax 3

# Everything is fine for the Raspberry Pi, just need a different user
# Forwarding is set here explicitly, so the later wildcard stanzas cannot
# change it for cake.
# ForwardAgent yes lets anyone with root on the Pi use the forwarded agent
# while the session is open; ForwardX11Trusted yes gives remote X clients
# unrestricted access to the local display. Both assume the Pi is trusted.
Host cake cake.srhuston.net
  User pi
  ForwardAgent yes
  ForwardX11 yes
  ForwardX11Trusted yes

# Allow everything for CSES, astro, local, and home hosts w/ FQDN
# All of these patterns contain a dot, so they would also match the "*.*"
# deny stanza; this stanza has to stay above it for the "yes" values to win.
# With agent forwarding on, root on any matching host can use the agent for
# the life of the session, and trusted X11 forwarding gives remote clients
# full access to the local display - the patterns should cover only hosts
# trusted to that degree.
Host cses*.princeton.edu *.rc.princeton.edu *.rc *.astro.princeton.edu *.srhuston.net *.local
  User huston
  ForwardAgent yes
  ForwardX11 yes
  ForwardX11Trusted yes
  ServerAliveInterval 30

# Deny everything for other hosts w/ a dot
# Catch-all for any dotted name not matched by an earlier stanza: no agent
# or X11 forwarding. It must stay above "Host *", otherwise the permissive
# defaults there would be obtained first and win.
Host *.*
  ForwardAgent no
  ForwardX11 no
  ForwardX11Trusted no

# Now allow for anything else - if we're typing a single hostname, it's likely
# trusted.
# "Host *" matches every name, but only fills in options that no earlier
# stanza set; dotted names already have forwarding set above, so in practice
# this turns forwarding on for single-label names.
# NOTE(review): a single-label name is resolved through the resolver's
# search domains on whatever network is in use, so "likely trusted" depends
# on that network. A mistyped or unexpectedly resolved name would still get
# agent and trusted X11 forwarding; consider defaulting these to "no" here
# and enabling them per host.
Host *
  User huston
  ForwardAgent yes
  ForwardX11 yes
  ForwardX11Trusted yes
  ServerAliveInterval 30