commit ef61248cf6dd13dceba1679b67d4fa02b559433e parent 31145e31e6b744fddb36564fe9c3ab251f1d3f03 Author: Vincent Demeester <vincent@sbr.pm> Date: Sun, 7 Oct 2018 00:15:08 +0200 ssh: update default configuration 🔑 A tiny bit more secure Signed-off-by: Vincent Demeester <vincent@sbr.pm> Diffstat:
M | ssh.nix | | | 31 | ++++++++++++++++++++++++------- |
1 file changed, 24 insertions(+), 7 deletions(-)
diff --git a/ssh.nix b/ssh.nix @@ -4,17 +4,34 @@ programs.ssh = { enable = true; - controlMaster = "auto"; - controlPath = "/tmp/ssh-%u-%l-%r@%h:%p"; - controlPersist = "360"; - - forwardAgent = true; serverAliveInterval = 60; - hashKnownHosts = true; userKnownHostsFile = "~/.config/ssh/known_hosts"; - + controlPath = "~/.ssh/sockets/%u-%l-%r@%h:%p"; + matchBlocks = rec { + "github.com" = { + hostname = "github.com"; + user = "git"; + extraOptions = { + controlMaster = "auto"; + controlPersist = "360"; + }; + }; + "gitlab.com" = { + hostname = "gitlab.com"; + user = "git"; + extraOptions = { + controlMaster = "auto"; + controlPersist = "360"; + }; + }; + "*.local" = { + extraOptions = { + controlMaster = "auto"; + controlPersist = "360"; + }; + }; hokkaido-remote = { proxyCommand = "${pkgs.openssh}/bin/ssh -q p.sbr.pm nc localhost 2223"; user = "vincent";
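Review bot: The new `controlPath = "~/.ssh/sockets/%u-%l-%r@%h:%p";` points at a directory that nothing in this hunk creates, and ssh does not create the parent directory of a control socket. Until `~/.ssh/sockets` exists, ssh cannot bind the master socket for the three blocks that set `controlMaster = "auto"`, so the directory should be created with mode 0700 by the same configuration. The expanded name can also exceed the Unix-domain socket path limit for long host names, and it writes user and host names into the filesystem; `controlPath = "~/.ssh/sockets/%C";` avoids both. The `matchBlocks` set continues past the end of the hunk, so blocks outside it were not reviewed.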