From 8fc222167803e951a819f4e7c67c367a8cb4169d Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Tue, 10 Jan 2023 13:43:44 +0100
Subject: ...
---
 accounts/gkleen@sif/default.nix | 2 +-
 accounts/gkleen@sif/ssh-hosts.nix | 12 ++++++++++++
 accounts/gkleen@sif/ssh/uniworx.de-ca.pub | 1 +
 3 files changed, 14 insertions(+), 1 deletion(-)
 create mode 100644 accounts/gkleen@sif/ssh/uniworx.de-ca.pub
diff --git a/accounts/gkleen@sif/default.nix b/accounts/gkleen@sif/default.nix
index 39e17828..de315ede 100644
--- a/accounts/gkleen@sif/default.nix
+++ b/accounts/gkleen@sif/default.nix
@@ -91,7 +91,7 @@ in {
 Match host mathw0g.mathinst.loc !exec "nc -z -w 1 %h %p &>/dev/null"
 HostName mathw0g.math.lmu.de
- Match host *.cipmath.loc !exec "nc -z -w 1 %h %p &>/dev/null"
+ Match host *.cipmath.loc !host cip04.cipmath.loc !exec "nc -z -w 1 %h %p &>/dev/null"
 ProxyJump cip04
 Match host *.ifi.lmu.de,*.math.lmu.de
diff --git a/accounts/gkleen@sif/ssh-hosts.nix b/accounts/gkleen@sif/ssh-hosts.nix
index 0021c75e..d6f7c1dc 100644
--- a/accounts/gkleen@sif/ssh-hosts.nix
+++ b/accounts/gkleen@sif/ssh-hosts.nix
@@ -423,6 +423,7 @@
 };
 "cip04" = {
 hostname = "cip04.cipmath.loc";
+ proxyJump = "mathw0h";
 };
 "mgmt01" = {
 hostname = "mgmt01.mathinst.loc";
@@ -468,4 +469,15 @@
 user = "git";
 identityFile = "~/.ssh/gitlab.com";
 };
+ "*.uniworx.de" =
+ { user = "gkleen";
+ identityFile = "~/.ssh/gkleen@uniworx.de";
+ certificateFile = "~/.ssh/gkleen@uniworx.de-cert.pub";
+ extraOptions = {
+ UpdateHostKeys = "no";
+ UserKnownHostsFile = toString (pkgs.writeText "ssh_known_hosts" ''
+ @cert-authority *.uniworx.de ${builtins.readFile ./ssh/uniworx.de-ca.pub}
+ '');
+ };
+ };
 }
diff --git a/accounts/gkleen@sif/ssh/uniworx.de-ca.pub b/accounts/gkleen@sif/ssh/uniworx.de-ca.pub
new file mode 100644
index 00000000..bfc6de25
--- /dev/null
+++ b/accounts/gkleen@sif/ssh/uniworx.de-ca.pub
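Review bot: The reachability probe on the changed `Match host *.cipmath.loc` line still ends in `&>/dev/null`, which is a bash/zsh redirection. ssh runs `Match exec` under the user's shell, and a POSIX sh would read it as `nc … &` followed by an empty redirect, return 0 at once, and so the `!exec` test would never select the ProxyJump. `!exec "nc -z -w 1 %h %p >/dev/null 2>&1"` behaves the same in any shell; the unchanged `mathw0g.mathinst.loc` line above has the same form. The new `!host cip04.cipmath.loc` exclusion would also read better with a one-line `# cip04 is the jump host itself` comment, assuming this text is an ssh_config string; the enclosing block starts and ends outside the hunk.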
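Review bot: `proxyJump = "mathw0h";` on `"cip04"` is unconditional as far as this hunk shows, unlike the `Match … !exec` rules in default.nix that add a jump only when the target is not directly reachable, so connections to cip04 would pass through mathw0h even from inside the network. If that is intended, a short comment such as `# cip04 is only reachable via mathw0h` would say so. The alias `mathw0h` is not defined in the visible lines (default.nix refers to `mathw0g`), so it is worth confirming that it exists and is not a typo. The attribute set continues outside the hunk.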
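Review bot: The `"*.uniworx.de"` block makes a read-only store file the only `UserKnownHostsFile` but does not set `StrictHostKeyChecking`, so unless it is set elsewhere a host presenting a key not signed by the CA still gets the interactive accept prompt rather than a hard failure (the answer simply cannot be saved). Adding `StrictHostKeyChecking = "yes";` to `extraOptions` would make the CA the sole trust path, which appears to be the intent behind `UpdateHostKeys = "no"`. `identitiesOnly = true;` is also worth considering so that only the named key and certificate are offered to these hosts rather than every identity in the agent. A comment noting that the known-hosts file is generated from `./ssh/uniworx.de-ca.pub` and is deliberately immutable would help the next reader.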
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAQPbCJTfCUizidvy2KZymO5xJcmXC8DE3xeky7b8XZ Certificate Authority for *.uniworx.de
-- cgit v1.2.3