
Disable forwarding agent in wake of matrix.org attack
authormartin f. krafft <madduck@madduck.net>
Fri, 10 May 2019 01:53:17 +0000 (13:53 +1200)
committermartin f. krafft <madduck@madduck.net>
Fri, 10 May 2019 01:53:17 +0000 (13:53 +1200)
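--- a/.ssh/config.in
+++ b/.ssh/config.in
@@ -1,5 +1,4 @@
 Host 127.0.0.1 | localhost
-  ForwardAgent yes
   ForwardX11 yes
   ForwardX11Trusted yes
   NoHostAuthenticationForLocalhost yes
@@ -7,7 +6,6 @@ Host 127.0.0.1 | localhost
 ### CHARADE KVM HOST
 
 Host charade.madduck.net | charade
-  ForwardAgent yes
   Hostname charade.madduck.net
 Host charade-vnc
   ControlMaster no
@@ -15,11 +13,9 @@ Host charade-vnc
   Hostname charade.madduck.net
 
 Host emily.madduck.net | emily
-  ForwardAgent yes
   Hostname emily.madduck.net
 
 Host matilda.madduck.net | matilda
-  ForwardAgent yes
   Hostname matilda.madduck.net
 Host irc-host.madduck.net | irc-host
   User madduck
@@ -28,7 +24,6 @@ Host irc-host.madduck.net | irc-host
   ConnectTimeout 60
 
 Host vizier.madduck.net | vizier
-  ForwardAgent yes
   Hostname vizier.madduck.net
 Host admin.madduck.net | admin
   Hostname admin.madduck.net
@@ -36,55 +31,44 @@ Host admin.madduck.net | admin
   User git
 
 Host ambassador.madduck.net | ambassador
-  ForwardAgent yes
   Hostname ambassador.madduck.net
 
 Host alan.madduck.net | alan
-  ForwardAgent yes
   Hostname alan.madduck.net
 Host git.madduck.net | git
   User git
   HostKeyAlias alan.madduck.net
 
 Host swan.madduck.net | swan
-  ForwardAgent yes
   Hostname swan.madduck.net
 
 Host pulse.madduck.net | pulse
-  ForwardAgent yes
   Hostname pulse.madduck.net
 
 Host vera.madduck.net | vera
-  ForwardAgent yes
   Hostname vera.madduck.net
 
 Host seamus.madduck.net | seamus
-  ForwardAgent yes
   Hostname seamus.madduck.net
 
 Host cymbaline.madduck.net | cymbaline
-  ForwardAgent yes
   Hostname cymbaline.madduck.net
 
 Host lunatic.madduck.net | lunatic
-  ForwardAgent yes
   Hostname lunatic.madduck.net
 
 ### UNI ZURICH MACHINES
 
 Host gig.madduck.net | gig
-  ForwardAgent yes
   Hostname gig.madduck.net
 
 Host eugene.madduck.net | eugene
-  ForwardAgent yes
   Hostname eugene.madduck.net
 Host eugene-luks
   Hostname eugene.madduck.net
   User root
 
 Host diamond.madduck.net | diamond
-  ForwardAgent yes
   Hostname diamond.madduck.net
 Host debian.madduck.net | debian
   HostKeyAlias diamond.madduck.net
@@ -105,7 +89,6 @@ Host flics.madduck.net | flics
   IPQoS lowdelay af13
 
 Host shelter.madduck.net | shelter
-  ForwardAgent yes
   Hostname shelter.madduck.net
 Host backup.madduck.net | backup
   HostKeyAlias shelter.madduck.net
@@ -124,12 +107,10 @@ Host cirrus.madduck.net | cirrus
 
 Host clegg.lehel.madduck.net | clegg.lehel | clegg
   CheckHostIP no
-  ForwardAgent yes
   Hostname clegg.lehel.madduck.net
 
 Host albatross.lehel.madduck.net | albatross.lehel | albatross
   Hostname albatross.lehel.madduck.net
-  ForwardAgent yes
   ForwardX11 yes
   HostKeyAlias albatross.lehel
 Host albatross-luks
@@ -150,19 +131,16 @@ Host visitor*.lehel.madduck.net | visitor*.lehel
 
 Host embryo.gauting.madduck.net | embryo
   CheckHostIP no
-  ForwardAgent yes
   Hostname embryo.gauting.madduck.net
   HostKeyAlias embryo.gauting.madduck.net
 
 Host mother.gauting | mother | mother.gauting.madduck.net
   Hostname mother.gauting
-  ForwardAgent yes
   ForwardX11 yes
 Host mothere
   Hostname embryo.gauting.madduck.net
   Port 22021
   CheckHostIP no
-  ForwardAgent yes
   ForwardX11 yes
   HostKeyAlias mother.gauting.madduck.net
 
@@ -174,19 +152,15 @@ Host visitor*.lehel.madduck.net | visitor*.lehel
 
 Host wall.mtvic.madduck.net | wall.mtvic | wall
   Hostname wall.mtvic.madduck.net
-  ForwardAgent yes
 
 Host atom.mtvic.madduck.net | atom.mtvic | atom
   Hostname atom.mtvic.madduck.net
-  ForwardAgent yes
 
 Host bell.mtvic.madduck.net | bell.mtvic | bell
   Hostname bell.mtvic.madduck.net
-  ForwardAgent yes
 
 Host julia.mtvic.madduck.net | julia.mtvic | julia
   Hostname julia.mtvic.madduck.net
-  ForwardAgent yes
 
 Host julia-via-wall | rjulia
   Hostname julia.mtvic.madduck.net
@@ -194,23 +168,19 @@ Host julia-via-wall | rjulia
 
 Host jugband.mtvic.madduck.net | jugband.mtvic | jugband
   Hostname jugband.mtvic.madduck.net
-  ForwardAgent yes
 
 Host lelina.mtvic.madduck.net | lelina.mtvic | lelina
   ForwardX11 yes
-  ForwardAgent yes
 
 ### ROAD WARRIORS
 
 Host fishbowl.*
   CheckHostIP no
-  ForwardAgent yes
   ForwardX11 yes
   HostKeyAlias fishbowl
 
 Host fishbowl | fishbowl.rw.madduck.net
   CheckHostIP no
-  ForwardAgent yes
   ForwardX11 yes
   HostKeyAlias fishbowl
   ProxyCommand bash -c "TARGETS=$( (TRIES=%h.{mtvic,lehel,gauting,rw}.madduck.net; eval fping -aAC1 -t500 $TRIES 2>&1 & eval fping6 -aAC1 -t500 $TRIES 2>&1; wait) | sed -rne 's, : ([[:digit:]]), @\1,p' | sort -t@ -k2n | sed -ne 's, .*,,p' | tr '\n' ','); echo Targets: \$TARGETS using \${TARGETS%%%%,*} … >&2; exec nc -vq0 \${TARGETS%%%%,*} %p"
@@ -248,7 +218,6 @@ Host red | green | blue | yellow | black | white | orange | violet | wafer
   CanonicalizeMaxDots 0
   VerifyHostKeyDNS no
   CheckHostIP no
-  ForwardAgent yes
   StrictHostKeyChecking no
   UserKnownHostsFile /dev/null
 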
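Review bot: Removing the per-host `ForwardAgent yes` lines leaves agent forwarding governed by whatever default applies, and no catch-all block is visible in these hunks. If a `Host *` stanza elsewhere in config.in or the system-wide ssh_config sets `ForwardAgent yes`, forwarding stays on for every host touched here. Stating the policy explicitly (`Host *` followed by `  ForwardAgent no`) would make the intent visible, though ssh takes the first value it finds for each option, so any earlier `ForwardAgent yes` would still need removing. Where hopping through a host is the real need, `ProxyJump` covers it without exposing the agent socket on the intermediate machine. Separately, `ForwardX11 yes` remains on several remote hosts (albatross, mother, mothere, lelina, fishbowl) and places similar trust in the remote side, so it may deserve the same review; the final hunk's host group also keeps `StrictHostKeyChecking no` with `UserKnownHostsFile /dev/null`, which is presumably deliberate for throwaway machines.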