From 5a692efda164614cb3704da71a22bb617a192bcd Mon Sep 17 00:00:00 2001
From: Timo Wilken
Date: Mon, 19 Aug 2024 10:28:55 +0200
Subject: Simplify SSH configuration
---
 tw/home.scm | 36 +++++++-----------------------------
 1 file changed, 7 insertions(+), 29 deletions(-)
diff --git a/tw/home.scm b/tw/home.scm
index c5f2934f..f06e762f 100644
--- a/tw/home.scm
+++ b/tw/home.scm
@@ -225,12 +225,6 @@
 (user "git")
 (port 7999)
 (proxy no-proxy))
- ;; BitBucket apparently only supports ssh-rsa.
- ,(openssh-host
- (name "bitbucket.org")
- (user "git")
- (host-key-algorithms '("+ssh-rsa"))
- (accepted-key-types '("+ssh-rsa")))
 ;; CERN stuff
 ,(openssh-host
 (name "lxtunnel.cern.ch")
@@ -243,36 +237,20 @@
 ControlPath ${XDG_RUNTIME_DIR}/ssh_mux_%h_%p_%r
 ControlPersist 5m
 "))
- ,(openssh-host
- (name "lxplus*.cern.ch") ; also catch e.g. lxplus9
- (proxy no-proxy) ; no jump needed
- (extra-content "GSSAPIDelegateCredentials yes")) ; needed for EOS home mount
- ,(openssh-host
- (name "aiadm.cern.ch")
- (proxy no-proxy) ; aiadm refuses connections via lxtunnel
- (extra-content "GSSAPIDelegateCredentials yes")) ; needed for EOS home mount
- ,(openssh-host
- (name "aiatlas*.cern.ch")
- (extra-content "GSSAPIDelegateCredentials yes")) ; needed for EOS home mount
- ,(openssh-host
- (name "twilkenlaptop.cern.ch")
- (forward-x11? #t)
- (extra-content "GSSAPIDelegateCredentials yes"))
+ ;; No proxying needed. aiadm even refuses connections via lxtunnel.
+ ,(openssh-host (name "lxplus*.cern.ch") (proxy no-proxy))
+ ,(openssh-host (name "aiadm.cern.ch") (proxy no-proxy))
 ,(openssh-host
 (name "*.cern.ch")
 (user "twilken")
 (identity-file cern-ssh-key)
 (proxy (list (proxy-jump (host-name "lxtunnel.cern.ch"))))
- (extra-content "\
- # Kerberos authentication
- GSSAPIAuthentication yes
- GSSAPIDelegateCredentials no
- PreferredAuthentications gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
-"))
+ ;; Delegated credentials are needed for EOS home mount on some systems.
+ (extra-content " GSSAPIAuthentication yes\n GSSAPIDelegateCredentials yes"))
 ;; Default SSH key. This isn't in ~/.ssh as `home-openssh-service-type'
 ;; manages that and might delete keys there.
 ,(openssh-host
 (name "*")
 (identity-file default-ssh-key)
- ;; Remote servers probably don't know about xterm-kitty.
- (extra-content "SetEnv TERM=xterm-256color")))))))
+ ;; Remote servers probably don't know about kitty or foot.
+ (extra-content " SetEnv TERM=xterm-256color")))))))
-- cgit v1.2.3
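Review bot: Setting `GSSAPIDelegateCredentials yes` in the `*.cern.ch` block forwards the Kerberos ticket to every host the wildcard matches, where the old configuration kept `no` as the domain default and delegated only to lxplus*, aiadm, aiatlas* and twilkenlaptop. A delegated ticket can be reused by whoever controls the receiving host until it expires, so the exposure grows from four named patterns to the whole domain, and probably to the lxtunnel.cern.ch jump host too unless its block, which is only partly visible here, sets its own value. If only the EOS-mounting hosts need delegation, keep `GSSAPIDelegateCredentials no` in the wildcard and leave `(extra-content "GSSAPIDelegateCredentials yes")` on those entries above it, since ssh uses the first value it obtains for each option. The enclosing host list starts outside the hunk.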