diff options
| -rw-r--r-- | nix/users/fcuny/ssh.nix | 12 | ||||
| -rw-r--r-- | nix/users/fcuny/work.nix | 3 |
2 files changed, 11 insertions, 4 deletions
diff --git a/nix/users/fcuny/ssh.nix b/nix/users/fcuny/ssh.nix index ca0baca..f8c1468 100644 --- a/nix/users/fcuny/ssh.nix +++ b/nix/users/fcuny/ssh.nix @@ -25,9 +25,15 @@ preferredAuthentications = "publickey"; }; }; + "chi1-jumpcontainer-es" = { + hostname = "127.0.0.1"; + port = 44641; + extraOptions = { + NoHostAuthenticationForLocalhost = "yes"; + ControlPath = "~/.ssh/sapi_controlmasters/%r@%h:%p"; + ControlPersist = "10m"; + }; + }; }; }; - - # if the configuration for SAPI exists, let's include it. - programs.ssh.includes = lib.optional (builtins.pathExists "/Users/fcuny/.ssh/config/config_sapi") "~/.ssh/config/config_sapi"; } diff --git a/nix/users/fcuny/work.nix b/nix/users/fcuny/work.nix index 996e4b9..f931d08 100644 --- a/nix/users/fcuny/work.nix +++ b/nix/users/fcuny/work.nix @@ -18,7 +18,8 @@ programs.fish = { shellAbbrs = { "ssh-sign-chi" = - "${pkgs.hashi}/bin/hashi -e chi1 sign --key=(op read 'op://employee/default rbx ssh key/public key'|psub) key"; + "${pkgs.hashi}/bin/hashi -e chi1 sign --output-path=/Users/fcuny/.ssh/cert-chi1 --key=(op read 'op://employee/default rbx ssh key/public key'|psub) key"; + "pssh" = "ssh -J chi1-jumpcontainer-es -o 'CertificateFile=~/.ssh/cert-chi1'"; }; }; } |