home

Unnamed repository; edit this file 'description' to name the repository.
Log | Files | Refs | README | LICENSE

commit ef61248cf6dd13dceba1679b67d4fa02b559433e
parent 31145e31e6b744fddb36564fe9c3ab251f1d3f03
Author: Vincent Demeester <vincent@sbr.pm>
Date:   Sun,  7 Oct 2018 00:15:08 +0200

ssh: update default configuration 🔑

A tiny bit more secure

Signed-off-by: Vincent Demeester <vincent@sbr.pm>

Diffstat:
Mssh.nix | 31++++++++++++++++++++++++-------
1 file changed, 24 insertions(+), 7 deletions(-)

diff --git a/ssh.nix b/ssh.nix @@ -4,17 +4,34 @@ programs.ssh = { enable = true; - controlMaster = "auto"; - controlPath = "/tmp/ssh-%u-%l-%r@%h:%p"; - controlPersist = "360"; - - forwardAgent = true; serverAliveInterval = 60; - hashKnownHosts = true; userKnownHostsFile = "~/.config/ssh/known_hosts"; - + controlPath = "~/.ssh/sockets/%u-%l-%r@%h:%p"; + matchBlocks = rec { + "github.com" = { + hostname = "github.com"; + user = "git"; + extraOptions = { + controlMaster = "auto"; + controlPersist = "360"; + }; + }; + "gitlab.com" = { + hostname = "gitlab.com"; + user = "git"; + extraOptions = { + controlMaster = "auto"; + controlPersist = "360"; + }; + }; + "*.local" = { + extraOptions = { + controlMaster = "auto"; + controlPersist = "360"; + }; + }; hokkaido-remote = { proxyCommand = "${pkgs.openssh}/bin/ssh -q p.sbr.pm nc localhost 2223"; user = "vincent";