git.lirion.de

Of git, get, and gud

aboutsummaryrefslogtreecommitdiffstats
path: root/.profile
blob: e96906d27976e4ed7ce4348b7321a6e3f32398d4 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13

# Expectation: .bash_profile exists then this file isn't read at all.
# Reality: well... .profile not being looked at at all _can_ happen.

# Set umask to something world-unreadable in any case
umask 027

# include .bash_profile - if we arrived here at all, it's important to do :-)
if [ -n "$BASH_VERSION" ]; then
	# include .bashrc if it exists
	if [ -f "$HOME/.bash_profile" ]; then
		. "$HOME/.bash_profile"
	fi
fi
© 2014-2019 lirion.de – served by cgit – All Rights Reverse Engineered
000 } /* Name.Variable.Magic */ .highlight .il { color: #009999 } /* Literal.Number.Integer.Long */
# vim:syntax=sshconfig:ts=4
# in case of no ssh-agent:
#IdentityFile ~/.ssh/id_ed25519
#IdentityFile ~/.ssh/id_rsa
# ...place that inside an extra .conf file.
SendEnv			LANG LC_* MUTTEXEC
HashKnownHosts	yes
ForwardAgent	yes
#ControlMaster	auto
#ControlPath		/run/user/%i/ssh/cm-%r@%h:%p

# ControlMaster: to use SSH multiplexing with ProxyCommand (e.g. to reach host b through host a)
# Host b
#	Hostname b.example.com
#	ProxyCommand ssh a.example.com -W %h:%p
#	# controlpath, controlmaster are the same as above
# 
# For older SSH daemons: RSA SHA-1 is being quickly deprecated across OSes for various security
# vulnerabilities. If you need to re-enable that (e.g. for hardware like network devices which are
# often prone to vulnerabilities due to slow upgrading), you can re-enable this and you SHOULD do
# this ONLY for specific hosts. (Yes, this ofc also affects clients - which it did on an Arch Linux here.)
# Also see https://www.openssh.com/txt/release-8.2
# In any case you should check whether your device understands rsa-sha2-* signature algorithms. While
# testing this, I found out that "ssh-keygen -trsa" made my keys SHA-1 so far – you might want to change
# that to "-t rsa-sha2-256" or whatever and check whether you can still connect to the RSA requiring hosts.
# If you have a proper naming convention for your devices, you can still easily wildcard this. If you
# don't, you either don't have many devices or you moronically did not think device names through. ;-)
# Host sophos* *-mik-*
# 	PubkeyAcceptedKeyTypes +ssh-rsa
© 2014-2019 lirion.de – served by cgit – All Rights Reverse Engineered