################################################################################
## ~/.ssh/config
##
## Gotchas:
## - priority goes from top to bottom
## - defaults MUST come last
## - canonicalization as a default MUST be on top to force a config reload
##   when checking hosts matching it
## - host specificity is NOT a factor of priority
## - host sections can be specified multiple times
## - multiple hostnames (and aliases) may be specified per section
## - host sections apply to the name you use (not what it resolves to)
################################################################################

# Canonicalize host names before connecting
# On top, so it forces a config reload for canonical hosts
CanonicalizeHostname yes
CanonicalDomains lan local my.org

# Legacy hosts' specific settings
# E.g. old key algorithms
Host legacy
  BatchMode yes
  ForwardAgent yes
  HostKeyAlgorithms +ssh-dss
  Port 2222

# Virtual Machines' specific settings
# E.g. no key checking due to them being ephemeral
Host local vm*
  Hostname localhost
  IdentitiesOnly yes
  IdentityFile ~/.ssh/id_rsa
  StrictHostKeyChecking no
  UserKnownHostsFile /dev/null

# Network devices' specific settings
# E.g. firewalls and switches
Host net?a?-fw? org?-h?-sw?
  CanonicalDomains my.org
  CanonicalizeMaxDots 0

# Reach these hosts through the bastion
# The backticks resolve the bastion's address, then reverse-resolve it to a name
Host !bastion* *.brt*.my.org *.brs? *.brs??
  ProxyCommand ssh -W %h:%p `host bastion.my.org | awk '/address/ {print $4; exit}' | xargs host | cut -d' ' -f5`

# Home devices' specific settings
Host omnia turris
  AddressFamily inet6
  IdentitiesOnly yes
  User root
Host pi* raspberrypi*
  AddKeysToAgent no
  SendEnv -LC_* PAGER
  SetEnv FOO=bar
  UseKeyChain no
  User pi

# User-specific settings
Match user robots
  IdentityFile ~/.ssh/id_ed25519
  ServerAliveInterval 300
  ServerAliveCountMax 2

# Default settings start here
# 'Host *' closes the Match block above; without it, the settings below would
# only apply to connections matching 'user robots'
Host *
  AddKeysToAgent yes
  Compression yes
  HashKnownHosts no
  ServerAliveInterval 300
  ServerAliveCountMax 2
  # macOS-only option
  UseKeyChain yes

  # Keep connections open for some time to reuse them
  # %C returns a hash of different information and is useful as socket identifier
  ControlMaster auto
  ControlPersist 30s
  ControlPath ~/.ssh/control-%C