swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2025-12-06 09:07:21 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: enable SSH Agent forwarding

Browse source
This commit is contained in:
Swarsel 2024-07-19 22:38:52 +02:00
parent 193cf5748e
commit a8baed9ba0
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
1 changed files with 93 additions and 129 deletions
Download patch file Download diff file Expand all files Collapse all files

54
SwarselSystems.org
View file

@ -5468,13 +5468,16 @@ I use sops-nix to handle secrets that I want to have available on my machines at
:CUSTOM_ID: h:edd6720e-1f90-40bf-b6f9-30a19d4cae08 :CUSTOM_ID: h:edd6720e-1f90-40bf-b6f9-30a19d4cae08
:END: :END:
It is very convenient to have SSH aliases in place for machines that I use. This is mainly used for some server machines and some university clusters. It is very convenient to have SSH aliases in place for machines that I use. This is mainly used for some server machines and some university clusters. We also enable agent forwarding to have our Yubikey SSH key accessible on the remote host.
#+begin_src nix :tangle profiles/common/home.nix #+begin_src nix :tangle profiles/common/home.nix
programs.ssh= { programs.ssh= {
enable = true; enable = true;
extraConfig = "SetEnv TERM=xterm-256color"; forwardAgent = true;
extraConfig = ''
SetEnv TERM=xterm-256color
'';
matchBlocks = { matchBlocks = {
"nginx" = { "nginx" = {
hostname = "192.168.1.14"; hostname = "192.168.1.14";
@ -5548,57 +5551,18 @@ It is very convenient to have SSH aliases in place for machines that I use. This
hostname = "193.122.53.173"; hostname = "193.122.53.173";
user = "root"; #this is a oracle vm server but needs root due to nixos-infect user = "root"; #this is a oracle vm server but needs root due to nixos-infect
}; };
"songdiver" = {
hostname = "89.168.100.65";
user = "ubuntu";
};
"pkv" = { "pkv" = {
hostname = "46.232.248.161"; hostname = "46.232.248.161";
user = "root"; user = "root";
}; };
"nebula" = {
hostname = "128.131.171.15";
user = "amp23s56";
compression = true;
identityFile = "~/.ssh/id_ed25519";
proxyCommand = "ssh -p 1022 -i ~/.ssh/id_ed25519 -q -W %h:%p %r@venus.par.tuwien.ac.at";
extraOptions = {
"TCPKeepAlive" = "yes";
};
};
"efficient" = { "efficient" = {
hostname = "g0.complang.tuwien.ac.at"; hostname = "g0.complang.tuwien.ac.at";
forwardAgent = true; forwardAgent = true;
user = "ep01427399"; user = "ep01427399";
# leaving the below lines in for future reference
# remoteForwards = [
# {
# bind.address = "/run/user/21217/gnupg/S.gpg-agent";
# host.address = "/run/user/1000/gnupg/S.gpg-agent.extra";
# }
# {
# bind.address = "/run/user/21217/gnupg/S.gpg-agent.ssh";
# host.address = "/run/user/1000/gnupg/S.gpg-agent.ssh";
# }
# ];
# extraOptions = {
# "RemoteForward" = "/run/user/21217/gnupg/S.gpg-agent /run/user/1000/gnupg/S.gpg-agent.extra";
# "StreamLocalBindUnlink" = "yes";
# "RemoteForward" = "/run/user/21217/gnupg/S.gpg-agent.ssh /run/user/1000/gnupg/S.gpg-agent.ssh";
# };
# setEnv = {
# "TERM" = "xterm";
# };
};
"hydra" = {
hostname = "128.131.171.215";
user = "hpc23w33";
compression = true;
forwardAgent = true;
# identityFile = "~/.ssh/id_tuwien_hpc";
# proxyCommand = "ssh -p 1022 -i ~/.ssh/id_tuwien_hpc -q -W %h:%p %r@venus.par.tuwien.ac.at";
proxyCommand = "ssh -p 1022 -q -W %h:%p %r@venus.par.tuwien.ac.at";
extraOptions = {
"TCPKeepAlive" = "yes";
};
}; };
}; };
}; };