feat: enable SSH Agent forwarding

2025-12-06 09:07:21 +01:00 · 2024-07-19 22:38:52 +02:00 · 2024-07-19 22:38:52 +02:00 · a8baed9ba0
commit a8baed9ba0
parent 193cf5748e
1 changed files with 93 additions and 129 deletions
--- a/SwarselSystems.org
+++ b/SwarselSystems.org
@ -5468,13 +5468,16 @@ I use sops-nix to handle secrets that I want to have available on my machines at
 :CUSTOM_ID: h:edd6720e-1f90-40bf-b6f9-30a19d4cae08
 :END:

-It is very convenient to have SSH aliases in place for machines that I use. This is mainly used for some server machines and some university clusters.
+It is very convenient to have SSH aliases in place for machines that I use. This is mainly used for some server machines and some university clusters. We also enable agent forwarding to have our Yubikey SSH key accessible on the remote host.

 #+begin_src nix :tangle profiles/common/home.nix

      programs.ssh= {
        enable = true;
-    extraConfig = "SetEnv TERM=xterm-256color";
+        forwardAgent = true;
+        extraConfig = ''
+    SetEnv TERM=xterm-256color
+  '';
        matchBlocks = {
          "nginx" = {
            hostname = "192.168.1.14";
@ -5548,57 +5551,18 @@ It is very convenient to have SSH aliases in place for machines that I use. This
            hostname = "193.122.53.173";
            user = "root"; #this is a oracle vm server but needs root due to nixos-infect
          };
+          "songdiver" = {
+            hostname = "89.168.100.65";
+            user = "ubuntu";
+          };
          "pkv" = {
            hostname = "46.232.248.161";
            user = "root";
          };
-      "nebula" = {
-        hostname = "128.131.171.15";
-        user = "amp23s56";
-        compression = true;
-        identityFile = "~/.ssh/id_ed25519";
-        proxyCommand = "ssh -p 1022 -i ~/.ssh/id_ed25519 -q -W %h:%p %r@venus.par.tuwien.ac.at";
-        extraOptions = {
-          "TCPKeepAlive" = "yes";
-        };
-      };
             "efficient" = {
            hostname = "g0.complang.tuwien.ac.at";
            forwardAgent = true;
            user = "ep01427399";
-
-        # leaving the below lines in for future reference
-
-        # remoteForwards = [
-        #   {
-        #     bind.address = "/run/user/21217/gnupg/S.gpg-agent";
-        #     host.address = "/run/user/1000/gnupg/S.gpg-agent.extra";
-        #   }
-        #   {
-        #     bind.address = "/run/user/21217/gnupg/S.gpg-agent.ssh";
-        #     host.address = "/run/user/1000/gnupg/S.gpg-agent.ssh";
-        #   }
-        # ];
-        # extraOptions = {
-        # "RemoteForward" = "/run/user/21217/gnupg/S.gpg-agent /run/user/1000/gnupg/S.gpg-agent.extra";
-        # "StreamLocalBindUnlink" = "yes";
-        # "RemoteForward" = "/run/user/21217/gnupg/S.gpg-agent.ssh /run/user/1000/gnupg/S.gpg-agent.ssh";
-        # };
-        # setEnv = {
-        #   "TERM" = "xterm";
-        # };
-      };
-      "hydra" = {
-        hostname = "128.131.171.215";
-        user = "hpc23w33";
-        compression = true;
-        forwardAgent = true;
-        # identityFile = "~/.ssh/id_tuwien_hpc";
-        # proxyCommand = "ssh -p 1022 -i ~/.ssh/id_tuwien_hpc -q -W %h:%p %r@venus.par.tuwien.ac.at";
-        proxyCommand = "ssh -p 1022 -q -W %h:%p %r@venus.par.tuwien.ac.at";
-        extraOptions = {
-          "TCPKeepAlive" = "yes";
-        };
          };
        };
      };