home

My NixOS systems configurations.
Log | Files | Refs | LICENSE

commit 3c9c24c20c57298567fec11b73433b9387b6a866
parent 9a19e232c0f4f10ab5bd0ec5a1ff44422db9f0f7
Author: Vincent Demeester <vincent@sbr.pm>
Date:   Thu, 14 Apr 2022 19:29:53 +0200

users/vincent: configure strict host key checking…

… and add pre-configured ones.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>

Diffstat:
Musers/vincent/core/ssh.nix | 16++++++++++++++++
1 file changed, 16 insertions(+), 0 deletions(-)

diff --git a/users/vincent/core/ssh.nix b/users/vincent/core/ssh.nix @@ -91,10 +91,26 @@ in }; } // homeConfig // vpnConfig; extraConfig = '' + GlobalKnownHostsFile ~/.config/ssh/ssh_known_hosts ~/.config/ssh/ssh_known_hosts.redhat ~/.config/ssh/ssh_known_hosts.mutable + StrictHostKeyChecking yes PreferredAuthentications gssapi-with-mic,publickey,password GSSAPIAuthentication yes GSSAPIDelegateCredentials yes StreamLocalBindUnlink yes ''; }; + # FIXME generate this file as well + xdg.configFile."ssh/ssh_known_hosts".text = '' + # Home + wakasu.home,wakasu.vpn,10.100.0.8,192.168.1.77 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ2GB030S1+iZMqwgYhkl5CuBOKBjZoujc0aVHII39/x + aomi.home,aomi.vpn,10.100.0.17,192.168.1.23 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQVlSrUKU0xlM9E+sJ8qgdgqCW6ePctEBD2Yf+OnyME + sakhalin.home,sakhalin.vpn,10.100.0.16,192.168.1.70 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN/PMBThi4DhgZR8VywbRDzzMVh2Qp3T6NJAcPubfXz6 + kerkouane.vpn ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJguVoQYObRLyNxELFc3ai2yDJ25+naiM3tKrBGuxwwA + synodine.home,192.168.1.20 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDWdnPJg0Y4kd4lHPAGE4xgMAK2qvMg3oBxh0t+xO+7O + ''; + xdg.configFile."ssh/ssh_known_hosts.redhat".text = '' + # Red Hat + gitlab.cee.redhat.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICBgflBIyju1LV/29PmFDw0GLdB9h0JUXglNrvWjBQ2u + code.engineering.redhat.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINYZZXmzm14TUL02Qe5SCMw48OfrphoIzi4qXSEK9Hiq + ''; }