From e46c80fd66956713569be4bec940b958d235e451 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Mon, 20 Mar 2023 11:36:24 +0100
Subject: ...

---
 accounts/gkleen@sif/default.nix | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'accounts')

diff --git a/accounts/gkleen@sif/default.nix b/accounts/gkleen@sif/default.nix
index 14e2c9a7..b9a9abe1 100644
--- a/accounts/gkleen@sif/default.nix
+++ b/accounts/gkleen@sif/default.nix
@@ -102,6 +102,10 @@ in {
               ConnectTimeout 30
               PasswordAuthentication yes
               KbdInteractiveAuthentication yes
+              UpdateHostKeys yes
+              GlobalKnownHostsFile ${pkgs.writeText "ssh_known_hosts" ''
+                @cert-authority *.mathinst.loc ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBUTFpVCdETCXiDSDl7YGbR1J4BLTsoBzjDtflHJGO/z ssh-pki@mgmt01
+              ''}
 
             Match host *.mathinst.loc !host mathw0g.mathinst.loc !exec "nc -z -w 1 %h %p &>/dev/null"
               # ProxyCommand ${pkgs.socat}/bin/socat - SOCKS4A:127.0.0.1:%h:%p,socksport=8118
-- 
cgit v1.2.3