diff --git a/home/default.nix b/home/default.nix index aea42b0..0aa0dcc 100644 --- a/home/default.nix +++ b/home/default.nix @@ -14,7 +14,7 @@ ./mpv.nix ./kitty.nix ./neovim - ./ssh.nix + ./ssh ]; services.syncthing.enable = true; diff --git a/home/ssh.nix b/home/ssh/default.nix similarity index 95% rename from home/ssh.nix rename to home/ssh/default.nix index 9fc918b..7dbbec9 100644 --- a/home/ssh.nix +++ b/home/ssh/default.nix @@ -8,8 +8,8 @@ controlMaster = "auto"; controlPersist = "10m"; controlPath = "~/.ssh/c/%r@%n:%p"; - hashKnownHosts = true; # We have to do this as text to gaurantee it's part of the last Host * block + userKnownHostsFile = "~/.ssh/known_hosts ${./extra_known_hosts}"; extraConfig = '' HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256 KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256 diff --git a/home/ssh/extra_known_hosts b/home/ssh/extra_known_hosts new file mode 100644 index 0000000..a44b180 --- /dev/null +++ b/home/ssh/extra_known_hosts @@ -0,0 +1,2 @@ +@cert-authority manehattan.artem.ist,*.manehattan.artem.ist sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBLNmn6dU6QucvxYB1Os6t9FtR7h/kJGIcJdUZLv5iXuLKCwqtKY/GEDCDDmwk0kkmlggEDoLSsTHNDo9ZLjvI0sAAAAbc3NoOmNhQG1hbmVoYXR0YW4uYXJ0ZW0uaXN0 ca@manehattan.artem.ist +github.com,192.30.253.112 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==