- SSH-Config 88.4%
- JSON-with-Comments 11.6%
| .vscode | ||
| keys | ||
| LICENSES | ||
| site | ||
| sockets | ||
| .editorconfig | ||
| .gitattributes | ||
| .gitmodules | ||
| config | ||
| known_hosts | ||
| README.md | ||
OpenSSH client configuration
This repository contains my personal OpenSSH client configuration. Site-specific configuration, such as for clients' and employers' systems, resides in separate repositories that are kept private and included as submodules.
installation
POSIX
On POSIX-compliant systems, this configuration may be installed by executing the following command with a POSIX shell:
git clone -- https://codeberg.org/djsp/ssh_config.git ~/.ssh
Site-specific configuration may then be fetched with the following command:
git -C ~/.ssh submodule update --init -- site/<site>
Windows
On Windows, this configuration may be installed by executing the following command with cmd.exe:
git clone -- https://codeberg.org/djsp/ssh_config.git "%USERPROFILE%\.ssh"
Site-specific configuration may then be fetched with the following command:
git -C "%USERPROFILE%\.ssh" submodule update --init -- site\<site>
updating
POSIX
On POSIX-compliant systems, configuration may be updated by executing the following command with a POSIX shell:
git -C ~/.ssh fetch
git -C ~/.ssh reset --hard @{upstream}
Site-specific configuration may then be updated with the following command:
git -C ~/.ssh submodule update --remote
Windows
On Windows, configuration may be updated by executing the following command with cmd.exe:
git -C "%USERPROFILE%\.ssh" fetch
git -C "%USERPROFILE%\.ssh" reset --hard @{upstream}
Site-specific configuration may then be updated with the following command:
git -C "%USERPROFILE%\.ssh" submodule update --remote
host public keys
For some SSH hosts, the public keys are published:
fingerprints
For some SSH hosts, the public keys are not published, but their fingerprints are:
- GitLab instances:
https://${instance_domain}/help/instance_configuration#ssh-host-keys-fingerprints - SourceForge
To get the public keys of such SSH hosts:
-
Gather their public keys with the command
ssh-keyscan(1).Invoke it as follows:
ssh-keyscan -- gitlab.archlinux.orgThe output looks as follows:
# gitlab.archlinux.org:22 SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6 gitlab.archlinux.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxid4CSjzD5QiM1y12qxNAUdR4kgy+YTym1lY4Arwdf+GC+UGvFP/IzGdlmL681nQeLZN7j2+3Bbm30JZNraA9gesW6BNoOr8QJbuayZJIoQklOUEmvaP7z5PlNChJiwNiXiyXRZzw7BwR4gYGWGSiJtzGYRtIgJDBB+Tc7rVwSy0u16YG2TpFOnxCJ8S25FhRIoyp0A5A+eJgCUe4HDI4Zud+94QdZUVuvpsjzHxXiPr8U8jbsJrG/beWxOnFFx7rhtz/OoQn8sg3anJue+mgtZm/PBs4fccVl30c0Xqfizvdx09sapqyrNf326s9L8NToyi2aHxMEzXfGspOoYtl # gitlab.archlinux.org:22 SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6 gitlab.archlinux.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBL+Hs65GpF45799k+r9AW5+xxIRLOdOrOUFsce1BVD8f/tFGBpu6ay06f3tvXXUHVA9iRI6wogDVTpy4x5ch4jY= # gitlab.archlinux.org:22 SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6 gitlab.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjT2SuA0k/xc5Cbyp+eBY5uN3bRL2K7GdpNtltOK6vy # gitlab.archlinux.org:22 SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6 # gitlab.archlinux.org:22 SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6 -
Generate the fingerprint for each key.
base64_key='AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBL+Hs65GpF45799k+r9AW5+xxIRLOdOrOUFsce1BVD8f/tFGBpu6ay06f3tvXXUHVA9iRI6wogDVTpy4x5ch4jY='base64 --decode <<< "${base64_key}" | openssl dgst -sha256 -binary | base64 -
Compare the generated fingerprints with the known fingerprints.
-
If the generated fingerprints match the known fingerprints, trust the public keys gathered with
ssh-keyscan(1).