SSH config.

- Move global config to appear last (first setting that matches wins, thus global should be last, matches anything that's not explicit). - Added specific braavos@endless config.

SSH config.
f4cbe7da · nimrod · 4041a67e · 4041a67e · f4cbe7da · f4cbe7da
Commit f4cbe7da authored 6 years ago by nimrod
--- a/.ssh/config.d/10_global
+++ b/.ssh/config.d/10_global
-Compression yes
-ControlMaster auto
-ControlPath ~/.ssh/%C.sock
-ControlPersist 3m
-ServerAliveInterval 30
-IdentitiesOnly yes
-ForwardAgent no
-# Copied from
-# https://wiki.mozilla.org/Security/Guidelines/OpenSSH?source=techstories.org#Modern
-HashKnownHosts yes
-HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256
-KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
-MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
-Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
--- a/.ssh/config.d/20_endless
+++ b/.ssh/config.d/20_endless
-Host 172.31.*.* 10.*.*.* *.endlessm.com *.endlessm-sf.com endlessm.com
+Host appupdates.endlessm.com irc.endlessm.com status.endlessm.com
-User nimrod
+Port 2200
-IdentityFile ~/.ssh/endless_ecdsa
+ProxyCommand ssh vpn-router.uw2.endlessm.com -W %h:%p
+Host vpn-router.sf.endlessm.com
+Port 2022
+Host braavos.endlessm-sf.com
+KexAlgorithms diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
+MACs hmac-sha1
+User sysmgr
+Host ap?.endlessm-sf.com
+Ciphers aes256-cbc
+User endlessapadmin
+Host router.endlessm-sf.com
+ProxyCommand none
+Ciphers aes256-cbc
 Host 10.17.*.* home.dev.endlessm.com
 ProxyCommand ssh vpn-router.uw1.endlessm.com -W %h:%p
@@ -10,9 +26,6 @@ UserKnownHostsFile /dev/null
 StrictHostKeyChecking no
 ProxyCommand ssh vpn-router.uw2.endlessm.com -W %h:%p
-Host appupdates.endlessm.com irc.endlessm.com status.endlessm.com
+Host 172.31.*.* 10.*.*.* *.endlessm.com *.endlessm-sf.com endlessm.com
-Port 2200
+User nimrod
-ProxyCommand ssh vpn-router.uw2.endlessm.com -W %h:%p
+IdentityFile ~/.ssh/endless_ecdsa
-Host vpn-router.sf.endlessm.com
-Port 2022
--- a/.ssh/config.d/99_ec2
+++ b/.ssh/config.d/99_ec2