gaschz/dotfiles
1
0
Fork 0
mirror of https://github.com/gaschz/dotfiles.git synced 2025-03-01 14:22:33 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
dotfiles/files/ssh/.ssh/config
Ben Grande 09bb64f652
feat: SSH proxy in Qubes for offline clients
2024-06-13 15:45:37 +02:00

38 lines
1.4 KiB
Plaintext
Raw Blame History

# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
# vim: ft=sshconfig
## Security configuration is enforced.
Host *
## Distrust the remote
ForwardX11 no
ForwardX11Trusted no
ForwardAgent no
## Authentication
UpdateHostKeys ask
PreferredAuthentications publickey,keyboard-interactive,password
HostbasedAuthentication no
StrictHostKeyChecking yes
## Encryption
HostKeyAlgorithms ssh-ed25519,sk-ssh-ed25519@openssh.com
PubkeyAcceptedAlgorithms ssh-ed25519,sk-ssh-ed25519@openssh.com
KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org
Ciphers aes256-gcm@openssh.com
MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
## Load host configuration.
UserKnownHostsFile ~/.ssh/known_hosts.d/%k.host ~/.ssh/known_hosts.d/%h.host
Include ~/.ssh/config.d/*.conf
## Recommended configuration at last.
Host *
## Connectivity
ControlMaster auto
ControlPath ~/.ssh/control.d/%r@%h:%p
ControlPersist 60s
## Only try fancy Qubes proxy if qube has compatible service enabled.
Match Exec "test -f /var/run/qubes-service/qusal-proxy-client"
ProxyCommand qrexec-client-vm @default qusal.ConnectTCP+%h+%p
Reference in New Issue View Git Blame Copy Permalink