explicitly disable defaults for X11 forwarding and host key updating

[etc/ssh.git] / .ssh / config.in

diff --git a/.ssh/config.in b/.ssh/config.in
index c30ca37f5c6e292eb12083076cf07855d0923c49..7f459cb7d7d847d1b5e4eb450227ad6c253439d3 100644 (file)
--- a/.ssh/config.in
+++ b/.ssh/config.in
@@ -87,19 +87,12 @@ Host madduck.net
   User madduck
   HostKeyAlias lotus.madduck.net
 
   User madduck
   HostKeyAlias lotus.madduck.net
 

-Host jugband.madduck.net | jugband
-  ForwardAgent yes
-  Hostname jugband.madduck.net
-

 Host domine.madduck.net | domine
   ForwardAgent yes
   Hostname domine.madduck.net
 Host imap.madduck.net
   HostKeyAlias domine.madduck.net
 
 Host domine.madduck.net | domine
   ForwardAgent yes
   Hostname domine.madduck.net
 Host imap.madduck.net
   HostKeyAlias domine.madduck.net
 

-Host aika.krafftwerk.de | aika
-  Hostname aika.krafftwerk.de
-

 Host sysyphus.madduck.net | sysyphus
   ForwardAgent yes
   Hostname sysyphus.madduck.net
 Host sysyphus.madduck.net | sysyphus
   ForwardAgent yes
   Hostname sysyphus.madduck.net


@@ -179,6 +172,10 @@ Host julia.gern.madduck.net | julia
   ForwardAgent yes
   ForwardX11 yes
 
   ForwardAgent yes
   ForwardX11 yes
 

+Host julia-via-diamond
+  Hostname julia.gern.madduck.net
+  ProxyCommand ssh diamond.madduck.net nc -q0 %h %p
+

 Host git.gern.madduck.net | git.gern
   ForwardAgent yes
   HostKeyAlias julia.gern.madduck.net
 Host git.gern.madduck.net | git.gern
   ForwardAgent yes
   HostKeyAlias julia.gern.madduck.net


@@ -194,6 +191,11 @@ Host pict.gern.madduck.net | pict
   ForwardAgent yes
   ForwardX11 yes
 
   ForwardAgent yes
   ForwardX11 yes
 

+Host jugband.gern.madduck.net | jugband.gern | jugband
+  Hostname jugband.gern.madduck.net
+  ForwardX11 yes
+  HostKeyAlias jugband.gern
+

 Host visitor*.gern.madduck.net | visitor*.gern | visitor*
   StrictHostKeyChecking no
   UserKnownHostsFile /dev/null
 Host visitor*.gern.madduck.net | visitor*.gern | visitor*
   StrictHostKeyChecking no
   UserKnownHostsFile /dev/null


@@ -210,6 +212,14 @@ Host albatross.lehel.madduck.net | albatross.lehel | albatross
   ForwardAgent yes
   ForwardX11 yes
   HostKeyAlias albatross.lehel
   ForwardAgent yes
   ForwardX11 yes
   HostKeyAlias albatross.lehel

+Host albatross-luks
+  Hostname albatross.lehel.madduck.net
+  HostKeyAlias albatross-luks.lehel.madduck.net
+  User root
+
+Host albatross-via-diamond
+  Hostname albatross.lehel.madduck.net
+  ProxyCommand ssh diamond.madduck.net nc -q0 %h %p

 
 ### GAUTING
 
 
 ### GAUTING
 


@@ -262,21 +272,24 @@ Host fishbowl | fishbowl.rw.madduck.net
   ForwardAgent yes
   ForwardX11 yes
   HostKeyAlias fishbowl
   ForwardAgent yes
   ForwardX11 yes
   HostKeyAlias fishbowl

-  ProxyCommand bash -c "TARGETS=$( (TRIES=%h.{gern,lehel,rw}.madduck.net; eval fping -aAC1 -t100 $TRIES; eval fping6 -aAC1 -t100 $TRIES; wait) 2>&1 | sed -rne 's, : ([[:digit:]]), @\1,p' | sort -t@ -k2n | sed -ne 's, .*,,p' | tr '\n' ','); echo Targets: \$TARGETS using \${TARGETS%%%%,*} … >&2; nc -vq0 \${TARGETS%%%%,*} %p"
+  ProxyCommand bash -c "TARGETS=$( (TRIES=%h.{gern,lehel,gauting,atom,rw}.madduck.net; eval fping -aAC1 -t500 $TRIES 2>&1 & eval fping6 -aAC1 -t500 $TRIES 2>&1; wait) | sed -rne 's, : ([[:digit:]]), @\1,p' | sort -t@ -k2n | sed -ne 's, .*,,p' | tr '\n' ','); echo Targets: \$TARGETS using \${TARGETS%%%%,*} … >&2; nc -vq0 \${TARGETS%%%%,*} %p"

 
 ### LOCAL VIRT HOSTS
 
 
 ### LOCAL VIRT HOSTS
 

+Host wafer.virt
+  RemoteForward 25000 localhost:25
+  ForwardX11 yes
+

 Host red | green | blue | yellow | black | white | orange | violet | wafer
 Host red | green | blue | yellow | black | white | orange | violet | wafer

+  CanonicalDomains virt
+  CanonicalizeHostname yes
+  CanonicalizeFallbackLocal no
+  CanonicalizeMaxDots 0

   VerifyHostKeyDNS no
   CheckHostIP no
   ForwardAgent yes
   StrictHostKeyChecking no
   UserKnownHostsFile /dev/null
   VerifyHostKeyDNS no
   CheckHostIP no
   ForwardAgent yes
   StrictHostKeyChecking no
   UserKnownHostsFile /dev/null

-  ControlMaster no
-  CanonicalDomains virt
-  CanonicalizeHostname yes
-  CanonicalizeFallbackLocal no
-  CanonicalizeMaxDots 0

 
 ### DEBIAN
 
 
 ### DEBIAN
 


@@ -301,6 +314,10 @@ Host nelson.debconf.org | penta.debconf.org | nelson | summit | summit.debconf.o
   Hostname nelson.debconf.org
   ProxyCommand ssh sysyphus.madduck.net nc -q0 %h %p
 
   Hostname nelson.debconf.org
   ProxyCommand ssh sysyphus.madduck.net nc -q0 %h %p
 

+Host itchy.debconf.org | itchy | wafer.debconf.org | wafer
+  Hostname itchy.debconf.org
+  ProxyCommand ssh sysyphus.madduck.net nc -q0 %h %p
+

 Host kent.debconf.org | kent
   Hostname kent.debconf.org
   ProxyCommand ssh sysyphus.madduck.net nc -q0 %h %p
 Host kent.debconf.org | kent
   Hostname kent.debconf.org
   ProxyCommand ssh sysyphus.madduck.net nc -q0 %h %p


@@ -355,14 +372,14 @@ Host *
   ControlPersist 30
   ExitOnForwardFailure yes
   ForwardAgent no
   ControlPersist 30
   ExitOnForwardFailure yes
   ForwardAgent no

-  ForwardX11 no
-  ForwardX11Trusted no
+  #ForwardX11 no
+  #ForwardX11Trusted no

   HashKnownHosts no
   NumberOfPasswordPrompts 2
   PasswordAuthentication yes
   Protocol 2
   ServerAliveInterval 45
   StrictHostKeyChecking yes
   HashKnownHosts no
   NumberOfPasswordPrompts 2
   PasswordAuthentication yes
   Protocol 2
   ServerAliveInterval 45
   StrictHostKeyChecking yes

-  UpdateHostKeys ask
+  #UpdateHostKeys no

   VerifyHostKeyDNS ask
   VisualHostKey no
   VerifyHostKeyDNS ask
   VisualHostKey no