From: martin f. krafft Date: Fri, 10 May 2019 01:53:17 +0000 (+1200) Subject: Disable forwarding agent in wake of matrix.org attack X-Git-Url: https://git.madduck.net/etc/ssh.git/commitdiff_plain/7e627325470fa4db80291b0b4c59b1bf62ac34a2?ds=inline;hp=745089ecd1a346c091b669532305d2eb3d640963 Disable forwarding agent in wake of matrix.org attack --- diff --git a/.ssh/config.in b/.ssh/config.in index 9f6d9d8..e45a512 100644 --- a/.ssh/config.in +++ b/.ssh/config.in @@ -1,5 +1,4 @@ Host 127.0.0.1 | localhost - ForwardAgent yes ForwardX11 yes ForwardX11Trusted yes NoHostAuthenticationForLocalhost yes @@ -7,7 +6,6 @@ Host 127.0.0.1 | localhost ### CHARADE KVM HOST Host charade.madduck.net | charade - ForwardAgent yes Hostname charade.madduck.net Host charade-vnc ControlMaster no @@ -15,11 +13,9 @@ Host charade-vnc Hostname charade.madduck.net Host emily.madduck.net | emily - ForwardAgent yes Hostname emily.madduck.net Host matilda.madduck.net | matilda - ForwardAgent yes Hostname matilda.madduck.net Host irc-host.madduck.net | irc-host User madduck @@ -28,7 +24,6 @@ Host irc-host.madduck.net | irc-host ConnectTimeout 60 Host vizier.madduck.net | vizier - ForwardAgent yes Hostname vizier.madduck.net Host admin.madduck.net | admin Hostname admin.madduck.net 
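Review bot: Deleting `ForwardAgent yes` from each Host block (localhost, charade, emily, matilda and vizier here, and every host in the later hunks) only falls back to whatever else applies, because ssh takes the first value it obtains for an option. A `Host *` section elsewhere in config.in or in the system-wide ssh_config could therefore still turn forwarding on; neither is visible in this diff. An explicit catch-all such as `Host *` with `ForwardAgent no` would make the intent hold regardless of defaults. If any of these hosts were used as hops to reach others, `ProxyJump` gives the multi-hop login without placing the agent socket on the intermediate machine.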
@@ -36,55 +31,44 @@ Host admin.madduck.net | admin User git Host ambassador.madduck.net | ambassador - ForwardAgent yes Hostname ambassador.madduck.net Host alan.madduck.net | alan - ForwardAgent yes Hostname alan.madduck.net Host git.madduck.net | git User git HostKeyAlias alan.madduck.net Host swan.madduck.net | swan - ForwardAgent yes Hostname swan.madduck.net Host pulse.madduck.net | pulse - ForwardAgent yes Hostname pulse.madduck.net Host vera.madduck.net | vera - ForwardAgent yes Hostname vera.madduck.net Host seamus.madduck.net | seamus - ForwardAgent yes Hostname seamus.madduck.net Host cymbaline.madduck.net | cymbaline - ForwardAgent yes Hostname cymbaline.madduck.net Host lunatic.madduck.net | lunatic - ForwardAgent yes Hostname lunatic.madduck.net ### UNI ZURICH MACHINES Host gig.madduck.net | gig - ForwardAgent yes Hostname gig.madduck.net Host eugene.madduck.net | eugene - ForwardAgent yes Hostname eugene.madduck.net Host eugene-luks Hostname eugene.madduck.net User root Host diamond.madduck.net | diamond - ForwardAgent yes Hostname diamond.madduck.net Host debian.madduck.net | debian HostKeyAlias diamond.madduck.net @@ -105,7 +89,6 @@ Host flics.madduck.net | flics IPQoS lowdelay af13 Host shelter.madduck.net | shelter - ForwardAgent yes Hostname shelter.madduck.net Host backup.madduck.net | backup HostKeyAlias shelter.madduck.net @@ -124,12 +107,10 @@ Host cirrus.madduck.net | cirrus Host clegg.lehel.madduck.net | clegg.lehel | clegg CheckHostIP no - ForwardAgent yes Hostname clegg.lehel.madduck.net Host albatross.lehel.madduck.net | albatross.lehel | albatross Hostname albatross.lehel.madduck.net - ForwardAgent yes ForwardX11 yes HostKeyAlias albatross.lehel Host albatross-luks 
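Review bot: `ForwardX11 yes` stays on albatross in the last hunk on this line, and on mother, mothere, lelina and both fishbowl entries in the following hunks, although a compromised remote host can reach back through a forwarded X11 display much as it can through a forwarded agent. ssh_config(5) warns that anyone able to bypass file permissions on the remote side can use the forwarded display, and that keystroke monitoring becomes possible when `ForwardX11Trusted` is in effect; some distributions ship that as the default, which is worth confirming for this setup. If the X11 entries are meant to stay, a comment on each such as `# X11 forwarding kept deliberately, host is fully trusted` would record that this was a decision and not an oversight.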
@@ -150,19 +131,16 @@ Host visitor*.lehel.madduck.net | visitor*.lehel Host embryo.gauting.madduck.net | embryo CheckHostIP no - ForwardAgent yes Hostname embryo.gauting.madduck.net HostKeyAlias embryo.gauting.madduck.net Host mother.gauting | mother | mother.gauting.madduck.net Hostname mother.gauting - ForwardAgent yes ForwardX11 yes Host mothere Hostname embryo.gauting.madduck.net Port 22021 CheckHostIP no - ForwardAgent yes ForwardX11 yes HostKeyAlias mother.gauting.madduck.net @@ -174,19 +152,15 @@ Host visitor*.lehel.madduck.net | visitor*.lehel Host wall.mtvic.madduck.net | wall.mtvic | wall Hostname wall.mtvic.madduck.net - ForwardAgent yes Host atom.mtvic.madduck.net | atom.mtvic | atom Hostname atom.mtvic.madduck.net - ForwardAgent yes Host bell.mtvic.madduck.net | bell.mtvic | bell Hostname bell.mtvic.madduck.net - ForwardAgent yes Host julia.mtvic.madduck.net | julia.mtvic | julia Hostname julia.mtvic.madduck.net - ForwardAgent yes Host julia-via-wall | rjulia Hostname julia.mtvic.madduck.net @@ -194,23 +168,19 @@ Host julia-via-wall | rjulia Host jugband.mtvic.madduck.net | jugband.mtvic | jugband Hostname jugband.mtvic.madduck.net - ForwardAgent yes Host lelina.mtvic.madduck.net | lelina.mtvic | lelina ForwardX11 yes - ForwardAgent yes ### ROAD WARRIORS Host fishbowl.* CheckHostIP no - ForwardAgent yes ForwardX11 yes HostKeyAlias fishbowl Host fishbowl | fishbowl.rw.madduck.net CheckHostIP no - ForwardAgent yes ForwardX11 yes HostKeyAlias fishbowl ProxyCommand bash -c "TARGETS=$( (TRIES=%h.{mtvic,lehel,gauting,rw}.madduck.net; eval fping -aAC1 -t500 $TRIES 2>&1 & eval fping6 -aAC1 -t500 $TRIES 2>&1; wait) | sed -rne 's, : ([[:digit:]]), @\1,p' | sort -t@ -k2n | sed -ne 's, .*,,p' | tr '\n' ','); echo Targets: \$TARGETS using \${TARGETS%%%%,*} … >&2; exec nc -vq0 \${TARGETS%%%%,*} %p" 
@@ -248,7 +218,6 @@ Host red | green | blue | yellow | black | white | orange | violet | wafer CanonicalizeMaxDots 0 VerifyHostKeyDNS no CheckHostIP no - ForwardAgent yes StrictHostKeyChecking no UserKnownHostsFile /dev/null
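Review bot: The block for red, green, blue and the other colour-named hosts keeps `StrictHostKeyChecking no` and `UserKnownHostsFile /dev/null`, so ssh never verifies which machine answers under those names. Dropping `ForwardAgent yes` here removes the worst consequence, but a password or keyboard-interactive login would still be sent to whatever host responds. If these are throwaway machines whose keys change on every reinstall, a comment saying so would justify the exception, and adding `PasswordAuthentication no` and `KbdInteractiveAuthentication no` would limit what an impersonating host can collect. The block starts before this hunk, so other options outside the visible lines may already cover this.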