diff options
-rw-r--r-- | accounts/gkleen@sif/default.nix | 2 | ||||
-rw-r--r-- | accounts/gkleen@sif/ssh-hosts.nix | 12 | ||||
-rw-r--r-- | accounts/gkleen@sif/ssh/uniworx.de-ca.pub | 1 |
3 files changed, 14 insertions, 1 deletions
diff --git a/accounts/gkleen@sif/default.nix b/accounts/gkleen@sif/default.nix index 39e17828..de315ede 100644 --- a/accounts/gkleen@sif/default.nix +++ b/accounts/gkleen@sif/default.nix | |||
@@ -91,7 +91,7 @@ in { | |||
91 | Match host mathw0g.mathinst.loc !exec "nc -z -w 1 %h %p &>/dev/null" | 91 | Match host mathw0g.mathinst.loc !exec "nc -z -w 1 %h %p &>/dev/null" |
92 | HostName mathw0g.math.lmu.de | 92 | HostName mathw0g.math.lmu.de |
93 | 93 | ||
94 | Match host *.cipmath.loc !exec "nc -z -w 1 %h %p &>/dev/null" | 94 | Match host *.cipmath.loc !host cip04.cipmath.loc !exec "nc -z -w 1 %h %p &>/dev/null" |
95 | ProxyJump cip04 | 95 | ProxyJump cip04 |
96 | 96 | ||
97 | Match host *.ifi.lmu.de,*.math.lmu.de | 97 | Match host *.ifi.lmu.de,*.math.lmu.de |
diff --git a/accounts/gkleen@sif/ssh-hosts.nix b/accounts/gkleen@sif/ssh-hosts.nix index 0021c75e..d6f7c1dc 100644 --- a/accounts/gkleen@sif/ssh-hosts.nix +++ b/accounts/gkleen@sif/ssh-hosts.nix | |||
@@ -423,6 +423,7 @@ | |||
423 | }; | 423 | }; |
424 | "cip04" = | 424 | "cip04" = |
425 | { hostname = "cip04.cipmath.loc"; | 425 | { hostname = "cip04.cipmath.loc"; |
426 | proxyJump = "mathw0h"; | ||
426 | }; | 427 | }; |
427 | "mgmt01" = | 428 | "mgmt01" = |
428 | { hostname = "mgmt01.mathinst.loc"; | 429 | { hostname = "mgmt01.mathinst.loc"; |
@@ -468,4 +469,15 @@ | |||
468 | user = "git"; | 469 | user = "git"; |
469 | identityFile = "~/.ssh/gitlab.com"; | 470 | identityFile = "~/.ssh/gitlab.com"; |
470 | }; | 471 | }; |
472 | "*.uniworx.de" = | ||
473 | { user = "gkleen"; | ||
474 | identityFile = "~/.ssh/gkleen@uniworx.de"; | ||
475 | certificateFile = "~/.ssh/gkleen@uniworx.de-cert.pub"; | ||
476 | extraOptions = { | ||
477 | UpdateHostKeys = "no"; | ||
478 | UserKnownHostsFile = toString (pkgs.writeText "ssh_known_hosts" '' | ||
479 | @cert-authority *.uniworx.de ${builtins.readFile ./ssh/uniworx.de-ca.pub} | ||
480 | ''); | ||
481 | }; | ||
482 | }; | ||
471 | } | 483 | } |
diff --git a/accounts/gkleen@sif/ssh/uniworx.de-ca.pub b/accounts/gkleen@sif/ssh/uniworx.de-ca.pub new file mode 100644 index 00000000..bfc6de25 --- /dev/null +++ b/accounts/gkleen@sif/ssh/uniworx.de-ca.pub | |||
@@ -0,0 +1 @@ | |||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAQPbCJTfCUizidvy2KZymO5xJcmXC8DE3xeky7b8XZ Certificate Authority for *.uniworx.de | |||