Skip to content

kalrish/ssh_config

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

50 Commits
keys
keys
 
 
own
own
 
 
smaato @ 96b85be
smaato @ 96b85be
 
 
sockets
sockets
 
 
.gitignore
.gitignore
 
 
.gitmodules
.gitmodules
 
 
README.md
README.md
 
 
config
config
 
 
known_hosts
known_hosts
 
 

Repository files navigation

OpenSSH client configuration

This repository contains my personal OpenSSH client configuration.

Secret settings, such as those for employers' environments, reside in separate repositories that are kept private and included as submodules.

host public keys

For some SSH hosts, the public keys are published:

fingerprints

For some SSH hosts, the public keys are not published, but their fingerprints are:

  • GitLab instances: https://${instance_domain}/help/instance_configuration#ssh-host-keys-fingerprints
  • SourceForge

To get the public keys of such SSH hosts:

  1. Gather their public keys with the command ssh-keyscan(1).

    Invoke it as follows:

    ssh-keyscan -- gitlab.archlinux.org

    The output looks as follows:

    # gitlab.archlinux.org:22 SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6
gitlab.archlinux.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxid4CSjzD5QiM1y12qxNAUdR4kgy+YTym1lY4Arwdf+GC+UGvFP/IzGdlmL681nQeLZN7j2+3Bbm30JZNraA9gesW6BNoOr8QJbuayZJIoQklOUEmvaP7z5PlNChJiwNiXiyXRZzw7BwR4gYGWGSiJtzGYRtIgJDBB+Tc7rVwSy0u16YG2TpFOnxCJ8S25FhRIoyp0A5A+eJgCUe4HDI4Zud+94QdZUVuvpsjzHxXiPr8U8jbsJrG/beWxOnFFx7rhtz/OoQn8sg3anJue+mgtZm/PBs4fccVl30c0Xqfizvdx09sapqyrNf326s9L8NToyi2aHxMEzXfGspOoYtl
# gitlab.archlinux.org:22 SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6
gitlab.archlinux.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBL+Hs65GpF45799k+r9AW5+xxIRLOdOrOUFsce1BVD8f/tFGBpu6ay06f3tvXXUHVA9iRI6wogDVTpy4x5ch4jY=
# gitlab.archlinux.org:22 SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6
gitlab.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjT2SuA0k/xc5Cbyp+eBY5uN3bRL2K7GdpNtltOK6vy
# gitlab.archlinux.org:22 SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6
# gitlab.archlinux.org:22 SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6

  2. Generate the fingerprint for each key.

    base64_key='AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBL+Hs65GpF45799k+r9AW5+xxIRLOdOrOUFsce1BVD8f/tFGBpu6ay06f3tvXXUHVA9iRI6wogDVTpy4x5ch4jY='
    base64 --decode <<< "${base64_key}" | openssl dgst -sha256 -binary | base64

  3. Compare the generated fingerprints with the known fingerprints.

  4. If the generated fingerprints match the known fingerprints, trust the public keys gathered with ssh-keyscan(1).

About

OpenSSH client configuration

man.openbsd.org/ssh_config

Topics

dotfiles ssh ssh-config openssh-config

Resources

Readme
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository