ssh: future-proof config

author: Caroline Larimore <caroline@larimo.re> 2026-01-27 13:48:35 -0800
committer: Caroline Larimore <caroline@larimo.re> 2026-01-27 13:48:35 -0800
commit: 5d1f2f412eba3bc6c16ac2c32d1fe57ccf7c53f9 (patch)
tree: e99c2d7a3defc13f9d56728463db56c34a1b91d2 /modules/home/tools
parent: b62ca134e19daadbff77e4440951be54ead1c401 (diff)
1 files changed, 22 insertions, 1 deletions
diff --git a/modules/home/tools/ssh/default.nix b/modules/home/tools/ssh/default.nix
index fb5830c..e34428e 100644
--- a/modules/home/tools/ssh/default.nix
+++ b/modules/home/tools/ssh/default.nix
@@ -15,7 +15,28 @@ in {
       ];
     };
 
-    programs.ssh.enable = true;
+    programs.ssh = {
+      enable = true;
+
+      #TODO: set up match block for copenhagen to enable forwarding
+      enableDefaultConfig = false;
+      matchBlocks."*" = { # old default config
+        forwardAgent = false;
+        addKeysToAgent = "no";
+
+        compression = false;
+
+        serverAliveInterval = 0;
+        serverAliveCountMax = 3;
+
+        hashKnownHosts = false;
+        userKnownHostsFile = "~/.ssh/known_hosts";
+
+        controlMaster = "no";
+        controlPath = "~/.ssh/master-%r@%n:%p";
+        controlPersist = "no";
+      };
+    };
 
     services.gpg-agent = {
       enableSshSupport = true;
author	Caroline Larimore <caroline@larimo.re>	2026-01-27 13:48:35 -0800
committer	Caroline Larimore <caroline@larimo.re>	2026-01-27 13:48:35 -0800
commit	5d1f2f412eba3bc6c16ac2c32d1fe57ccf7c53f9 (patch)
tree	e99c2d7a3defc13f9d56728463db56c34a1b91d2 /modules/home/tools
parent	b62ca134e19daadbff77e4440951be54ead1c401 (diff)