commit 3c9c24c20c57298567fec11b73433b9387b6a866
parent 9a19e232c0f4f10ab5bd0ec5a1ff44422db9f0f7
Author: Vincent Demeester <vincent@sbr.pm>
Date: Thu, 14 Apr 2022 19:29:53 +0200
users/vincent: configure strict host key checking…
… and add pre-configured ones.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Diffstat:
1 file changed, 16 insertions(+), 0 deletions(-)
diff --git a/users/vincent/core/ssh.nix b/users/vincent/core/ssh.nix
@@ -91,10 +91,26 @@ in
};
} // homeConfig // vpnConfig;
extraConfig = ''
+ GlobalKnownHostsFile ~/.config/ssh/ssh_known_hosts ~/.config/ssh/ssh_known_hosts.redhat ~/.config/ssh/ssh_known_hosts.mutable
+ StrictHostKeyChecking yes
PreferredAuthentications gssapi-with-mic,publickey,password
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
StreamLocalBindUnlink yes
'';
};
+ # FIXME generate this file as well
+ xdg.configFile."ssh/ssh_known_hosts".text = ''
+ # Home
+ wakasu.home,wakasu.vpn,10.100.0.8,192.168.1.77 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ2GB030S1+iZMqwgYhkl5CuBOKBjZoujc0aVHII39/x
+ aomi.home,aomi.vpn,10.100.0.17,192.168.1.23 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQVlSrUKU0xlM9E+sJ8qgdgqCW6ePctEBD2Yf+OnyME
+ sakhalin.home,sakhalin.vpn,10.100.0.16,192.168.1.70 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN/PMBThi4DhgZR8VywbRDzzMVh2Qp3T6NJAcPubfXz6
+ kerkouane.vpn ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJguVoQYObRLyNxELFc3ai2yDJ25+naiM3tKrBGuxwwA
+ synodine.home,192.168.1.20 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDWdnPJg0Y4kd4lHPAGE4xgMAK2qvMg3oBxh0t+xO+7O
+ '';
+ xdg.configFile."ssh/ssh_known_hosts.redhat".text = ''
+ # Red Hat
+ gitlab.cee.redhat.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICBgflBIyju1LV/29PmFDw0GLdB9h0JUXglNrvWjBQ2u
+ code.engineering.redhat.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINYZZXmzm14TUL02Qe5SCMw48OfrphoIzi4qXSEK9Hiq
+ '';
}
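Review bot: `UserKnownHostsFile` is left at its default next to the new `StrictHostKeyChecking yes` line in `extraConfig`, so any key already recorded in `~/.ssh/known_hosts` (typically accepted on first use) is still trusted alongside the pinned entries. If the declarative files are meant to be the only source of trust, add `UserKnownHostsFile ~/.config/ssh/ssh_known_hosts.mutable` there and drop that path from `GlobalKnownHostsFile`; otherwise a comment saying the old file is intentionally still honoured would help. The `.mutable` file is not created in this hunk, and with strict checking ssh will not add new host keys on its own, so a comment above the FIXME such as `# ssh_known_hosts.mutable is hand-maintained; verify fingerprints out of band before adding` would document how new hosts get in. The enclosing attribute set starts before the hunk, so settings made earlier in the file are not visible here.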