Hacker News new | ask | show | jobs
by Macha 1265 days ago
Note that it does accept wildcards so you can do rules for *.mycompany.com

You can also use placeholders for keys, so for example I have a ssh config like:

    Host *.mycompany.com
        # Employer specific yubikey stuff
    
    Host *.mydomain.com
        IdentityFile ~/.ssh/keys/id_primary

    Host *
        IdentitiesOnly yes
        IdentityFile ~/.ssh/keys/%r@%h # uses ~/.ssh/keys/git@github.com for github for example
I originally started doing this because I would have so many keys that servers would reject me for too many authentication attempts, but it also helps make it easy to use distinct keys for distinct purposes and avoiding fingerprinting like this*
3 comments
j1elo 1264 days ago
Yes that's exactly what I do. I just left it as an "exercise for the reader" to not make the comment too long :)

This kind of stuff is also useful, for example, for AWS machines:

  Host ec2-*.compute-1.amazonaws.com
      # KeepAlive of 50 seconds, because AWS times out after 60:
      # https://aws.amazon.com/blogs/aws/elb-idle-timeout-control/
      ServerAliveInterval 50
link
jmmv 1264 days ago
Additionally, you can also do:

Host foo foo.example.com some.other.alias

link
rjh29 1264 days ago
Nice tip about the placeholder, I will steal that. Thanks.
link