From 5d1f2f412eba3bc6c16ac2c32d1fe57ccf7c53f9 Mon Sep 17 00:00:00 2001
From: Caroline Larimore <caroline@larimo.re>
Date: Tue, 27 Jan 2026 13:48:35 -0800
Subject: ssh: future-proof config

---
 modules/home/tools/ssh/default.nix | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

(limited to 'modules/home')

diff --git a/modules/home/tools/ssh/default.nix b/modules/home/tools/ssh/default.nix
index fb5830c..e34428e 100644
--- a/modules/home/tools/ssh/default.nix
+++ b/modules/home/tools/ssh/default.nix
@@ -15,7 +15,28 @@ in {
       ];
     };
 
-    programs.ssh.enable = true;
+    programs.ssh = {
+      enable = true;
+
+      #TODO: set up match block for copenhagen to enable forwarding
+      enableDefaultConfig = false;
+      matchBlocks."*" = { # old default config
+        forwardAgent = false;
+        addKeysToAgent = "no";
+
+        compression = false;
+
+        serverAliveInterval = 0;
+        serverAliveCountMax = 3;
+
+        hashKnownHosts = false;
+        userKnownHostsFile = "~/.ssh/known_hosts";
+
+        controlMaster = "no";
+        controlPath = "~/.ssh/master-%r@%n:%p";
+        controlPersist = "no";
+      };
+    };
 
     services.gpg-agent = {
       enableSshSupport = true;
-- 
cgit v1.2.3