Added SSH config example

2026-02-09 05:44:23 +00:00 · 2022-10-21 13:01:51 +02:00
parent a88b18a2f1
commit a12104d2d6
1 changed files with 74 additions and 0 deletions
--- a/examples/ssh.config
+++ b/examples/ssh.config
@@ -0,0 +1,74 @@
+################################################################################
+## ~/.ssh/config
+##
+## Gotchas:
+## - priority goes from top to bottom
+##   - defaults MUST come last
+##   - canonicalization as a default MUST be on top as it forces a config reload
+##     for canonicalized hosts
+##   - host specificity is NOT a factor of priority
+## - host sections can be specified multiple times
+## - multiple hostnames (and aliases) may be specified per section
+## - host sections apply to the name you use (not what it resolves to)
+################################################################################
+
+# Canonicalize host names before connecting
+# On top, as it forces a config reload for canonicalized hosts
+CanonicalizeHostname  yes
+CanonicalDomains      lan my.org
+
+# Legacy hosts' specific settings
+# E.g. old key algorithms
+Host  legacy
+	BatchMode          yes
+	ForwardAgent       yes
+	HostKeyAlgorithms  +ssh-dss
+	Port               2222
+
+# Virtual Machines' specific settings
+# E.g. no key checking due to them being ephemeral
+Host  local vm*
+	Hostname               localhost
+	IdentityFile           ~/.ssh/id_rsa
+	StrictHostKeyChecking  no
+	UserKnownHostsFile     /dev/null
+
+# Network devices' specific settings
+# E.g. firewalls and switches
+Host  net?a?-fw? org?-h?-sw?
+	CanonicalDomains     my.org
+	CanonicalizeMaxDots  0
+Host !bastion* *.brt*.my.org *.brs? *.brs??
+	ProxyCommand ssh -W %h:%p `host bastion.my.org | awk '/address/ {print $4; exit}' | xargs host | cut -d\  -f5`
+
+# Home devices' specific settings
+Host  omnia turris
+	AddressFamily   inet6
+	IdentitiesOnly  yes
+	User            root
+Host  pi* raspberrypi*
+	AddKeysToAgent         no
+	SendEnv                -PAGER LC_*
+	SetEnv                 FOO=bar
+	StrictHostKeyChecking  no
+	UseKeyChain            no
+	User                   pi
+
+# User-specific settings
+Match  user  root
+	IdentityFile  ~/.ssh/id_ed25519
+
+# Default settings start here
+
+AddKeysToAgent       yes
+Compression          yes
+HashKnownHosts       no
+ServerAliveInterval  300
+ServerAliveCountMax  2
+UseKeyChain          yes
+
+# Keep connections open for some time to reuse them
+# %C returns a hash of different information and is useful as socket identifier
+ControlMaster   auto
+ControlPersist  30s
+ControlPath     ~/.ssh/control-%C