Commit 3c9c24c20c57

Vincent Demeester <vincent@sbr.pm>
2022-04-14 19:29:53
users/vincent: configure strict host key checking…
… and add pre-configured ones. Signed-off-by: Vincent Demeester <vincent@sbr.pm>
1 parent 9a19e23
Changed files (1)
users/vincent/core/ssh.nix
@@ -91,10 +91,26 @@ in
       };
     } // homeConfig // vpnConfig;
     extraConfig = ''
+      GlobalKnownHostsFile ~/.config/ssh/ssh_known_hosts ~/.config/ssh/ssh_known_hosts.redhat ~/.config/ssh/ssh_known_hosts.mutable
+      StrictHostKeyChecking yes
       PreferredAuthentications gssapi-with-mic,publickey,password
       GSSAPIAuthentication yes
       GSSAPIDelegateCredentials yes
       StreamLocalBindUnlink yes
     '';
   };
+  # FIXME generate this file as well
+  xdg.configFile."ssh/ssh_known_hosts".text = ''
+    # Home
+    wakasu.home,wakasu.vpn,10.100.0.8,192.168.1.77 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ2GB030S1+iZMqwgYhkl5CuBOKBjZoujc0aVHII39/x
+    aomi.home,aomi.vpn,10.100.0.17,192.168.1.23 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQVlSrUKU0xlM9E+sJ8qgdgqCW6ePctEBD2Yf+OnyME
+    sakhalin.home,sakhalin.vpn,10.100.0.16,192.168.1.70 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN/PMBThi4DhgZR8VywbRDzzMVh2Qp3T6NJAcPubfXz6
+    kerkouane.vpn ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJguVoQYObRLyNxELFc3ai2yDJ25+naiM3tKrBGuxwwA
+    synodine.home,192.168.1.20 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDWdnPJg0Y4kd4lHPAGE4xgMAK2qvMg3oBxh0t+xO+7O
+  '';
+  xdg.configFile."ssh/ssh_known_hosts.redhat".text = ''
+    # Red Hat
+    gitlab.cee.redhat.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICBgflBIyju1LV/29PmFDw0GLdB9h0JUXglNrvWjBQ2u
+    code.engineering.redhat.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINYZZXmzm14TUL02Qe5SCMw48OfrphoIzi4qXSEK9Hiq
+  '';
 }
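Review bot: `GlobalKnownHostsFile` on the first added line replaces the default system list rather than extending it, so `/etc/ssh/ssh_known_hosts` is no longer consulted. If any host keys are provisioned there (NixOS `programs.ssh.knownHosts` writes that file), connections to hosts known only from it will be refused under `StrictHostKeyChecking yes`. The third path, `ssh_known_hosts.mutable`, is not created in this hunk, and with strict checking ssh never adds new hosts itself, so it is presumably maintained by hand. A comment above the `xdg.configFile` entries would record that, for example `# ssh_known_hosts.mutable is edited by hand: add a key only after verifying its fingerprint out of band`. `UserKnownHostsFile` is left at its default, so entries accepted on first use in `~/.ssh/known_hosts` before this change remain trusted; if only the pinned keys should count, prune that file or point the option elsewhere.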