~/.ssh/config magic for WMF hosts
No One
Actions

Authored By

	bd808
	Jul 29 2015, 3:50 PM

Size

1 KB

Referenced Files

None

Subscribers

None

~/.ssh/config magic for WMF hosts
View Options

	# WMF Labs
	Host gerrit gerrit.wikimedia.org
	Hostname gerrit.wikimedia.org
	Port 29418
	User <YOUR GERRIT SHELL NAME HERE (eg bd808)>
	IdentityFile <PATH TO YOUR GERRIT SSH KEY HERE (eg ~/.ssh/gerrit_rsa)>

	Host bastion.wmflabs.org
	ProxyCommand none
	ControlMaster no

	Host .wmflabs .wmflabs.org
	User <YOUR LABS SHELL NAME HERE (eg bd808)>
	IdentityFile <PATH TO YOUR LABS SSH KEY HERE (eg ~/.ssh/wmflabs_rsa)>
	IdentitiesOnly yes

	Host *.wmflabs
	ProxyCommand ssh -a -W %h:%p bastion.wmflabs.org


	# WMF Prod
	Host bast1001.wikimedia.org
	ProxyCommand none
	ControlMaster no

	Host .eqiad.wmnet .codfw.wmnet *.wikimedia.org !gerrit.wikimedia.org
	User <YOUR PROD SHELL NAME HERE (eg bd808)>
	IdentityFile <PATH TO YOUR PROD SSH KEY HERE (eg ~/.ssh/cluster_rsa)>
	IdentitiesOnly yes
	ProxyCommand ssh -a -W %h:%p bast1001.wikimedia.org


	# Use strong ciphers when connecting to WMF servers
	Host .wmnet .wmflabs *.wikimedia.org !gerrit.wikimedia.org
	Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
	KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256

	# Global defaults
	Host *
	ForwardAgent no
	ForwardX11 no
	Protocol 2,1
	ControlMaster auto
	ControlPath ~/.ssh/sockets/%C
	KeepAlive yes
	ServerAliveInterval 60
	PreferredAuthentications publickey