#!/bin/sh
#
# Filename: config-fast-ssh
# Author: Olivier Sirol <czo@free.fr>
# License: GPL-2.0 (http://www.gnu.org/copyleft)
# File Created: 12 May 1999
# Last Modified: Thursday 09 October 2025, 13:09
# $Id: config-fast-ssh,v 1.30 2025/10/09 11:10:27 czo Exp $
# Edit Time: 11:12:09
# Description:
#
#   configure ssh with my authorized_keys and config
#    curl -fsSL https://gitlab.com/czo/dotfiles/raw/master/config-fast-ssh | sh
#    curl -fsSL https://raw.githubusercontent.com/czodroid/dotfiles/master/config-fast-ssh | sh
#
#   also works in wget: wget -qO- https://pwet | sh
#
#   You must do a "cd" before running this script to modify your own ssh configuration.
#
# Copyright: (C) 1999-2025 Olivier Sirol <czo@free.fr>

echo "## -> ssh-keygen + authorized_keys"

## This script works in '.', so in current directory!!!!

## dropbear root
# rm /root/.ssh
# ln -s /etc/dropbear /root/.ssh
# dropbearkey -t rsa -s 4096 -f /root/.ssh/id_dropbear
# dropbearkey -y -f /root/.ssh/id_dropbear | grep "^ssh-rsa " > /root/.ssh/id_dropbear.pub

## OpenSSH
cp -rp .ssh .ssh_fast_$(date +%Y-%m-%d)_$$
rm -fr .ssh
mkdir .ssh
chmod 700 .ssh

ssh-keygen -t rsa -b 4096 -N "" -f .ssh/id_rsa

# new passphrase:
#ssh-keygen -p -f id_rsa

# new comment:
#ssh-keygen -c -C 'czo@lagavulin' -f .ssh/id_rsa

echo "# this host" > .ssh/authorized_keys
cat .ssh/id_rsa.pub  >> .ssh/authorized_keys

cat << 'EOF' >> .ssh/authorized_keys

# chezwam
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/nz200qgZLj9r9M99ig0LEXBTumuIYbW/64EoamTgVWr7kroRA/raDGDcq1SaZpmtvgKVwKGBidP/+ude9LlNxRb+YABZfPI/mOy2/TUsrK5w8z4IcoxZQy+ah1vGmlQk1GOlIkKkGK0VUjaYZeQfhbPxTLRmxzrZLIQ70qdfJ07BQIerlA0gWozbpzhbSLwdCPBJS9vKUpRIPlggnPpMY8fhwQSE2cZFmfJIFlI3G5BTQoMTCoQsLipBQc6TlY3NIXwl7LH1jAjytXfWkTsRSopQ9eVsHgOpZE657u1nQdI9ztCHsbyr9xnpPMK5iiWqYEQaG8j8u56A8GuUl0wkNeqF6+3t+9TI2ps5UmiPoFYMp+BA2krEVr1BjpWDrvCAy7Grd8dv7UrQas5jiI2iH9RaSSnXVmZ15DkKsoHm/h6pLewVkoLPRHF9OHDo2+A4sypX8psyRkeKW6f2hlZAvmUZmu9aNfy7njin7LHHPg67u5jikWbSMyM9qM2a42VKXwvktNV1KQUILgay7DInxEXwj5wKvEea2b8pRyTR1rgNr2DofyR+X4dM13XqCcCbPUOiXUscJz7U7+lBPbDi/4Tzm/eaQ9u35DU9QDznxXLb/eBTmMTiqdSQ96BX36FKm/guUOqSR34yMuRoin+l7hm66gxvhkGPiqTZ9OArsQ== czo@askaig
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDoQFYXob/+i4tZdSomRWZhbPXbkQvdjKmabQxEUe+dkiYcxt4r9CDorBqSf2ZYQ2o2unSnQVUFOSv2jUyDGro/veOyik6eMW/Q/Ju+1xYq78rNu0PFQmQr2e+7gxwMVTdFt77yINwC11G+u1LZsEz2AZLEf9xqC1Tu60vKoLKJTG0eW4S7aoQVToA6sbevMeLvqZD/xf5jX+/j18AxS06lxXvUWZQCaB2e1PQWR2lOvLY+lknxVdy1Aevxq+f9cKTkxcgA6aaMX/E5/Tx4qhvHYXomjvgJy7OCe9WbijIH9ac2HJe4CbIYLqzdHPrKo3IdW4cNHN259LzOyFnJM79fo2p/yMn+YcfpMRSSm73Hmd2/YturVvXJP1vdJ0KfvSi0/F0pCoytDgB5JnJdDyLzlQ69dNmusBgzY8g7O/KLgIZKI8QWXsJ6ll17micWIhg2S4jUAnIFpvr/2WKxdfeTyUzRmpFEz0Y8AIXmSbfBRI8Q16wJ5RYQw+h1XCDVef2xkyJvn1gHehpenuxAUiD/RFAMhCWwM7niVAa2Itk7Ugg7ycR6LNesQRSbQ0i+I67LHJ9F9qW3Ka3RNPJlZ7B+3oCJitBfh71Q/Mh4Zc3NymMaE6TAg/LkNvWQTBdEc8TVi6uRF+nGw3xtiQu1cnAqP7SnO8UelOCbk8qtbAFdtQ== czo@bruichladdich
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCtm1cbyMSlktddkp8UvYRLjCRI5aGuRlAHSFo09ZQ6ilNw6uqYZ4KW0RqWGVenkzePAvMnk4/y5S/4nmb8+FRz3uIfaslVikE1ydgrW1JlVc8+KUTb5yho/BApeQyf7WLIGX5DDS7WOBa7mYTig/Ss9VyynCrUQneJosCKFfRFxyBENojiILOgX36bjyi5DpD2c5/ysQx8LUVB/7zsCBIiZPnBH+869Hr1HF8JgdiNKz03k1drb0LsmkCtG6X8j1pj7xXDhDxcKVWksmb7Yf/9utjAjwWNc9NwwM3KvUdKRmLUJ34K3hgXTWpH8JD0ymoy1aCreR1+37C00u5nVQbSsioNl0u3a5i1VkoXE1TV7n8fDblLSrZaTxkFt81iliuB3pIaPHSkaG4ynCwz3UYP1q1gp/eiYm4FVPUhSoWbzNeeY3wuR1X6qNqaZGAlIePNqT2vwy38H9p7AwCs1A3i8DCD0BBSJbSQNU8KpHeKNMe+XWtH9v0V6fztCYC/tDYb8gbaY5IsV8w748T8qoFAHbqCiK/fiR2/HBqj2khXxEGC08nuL5Sog96NIIJl+Wi831M02iRYw/HegUouzuoXL6uab6IE1SpwazERKSQXInXCVT/iZH4W/qTn9Z13OjGCsyxrGlZNNb6/PcIcE3UXhB5V+BuXSheLYnU6ItZrKQ== root@bruichladdich
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDGmlcfgW5Yym3jHM0yfCk5qBO6JLDUM2jqFU+6kAswsYy+1MjHHU9jCGHDXQkAkeVTMfqamWgPGoBZLvSLEYv2B8ZT79gZkjmQ0eIIiTzmOoj5b/dpMvCHzxqapOgvWSO45rUiIxlAxfCfR3klYxOFstDkTrlP4OlVR3Qq9P+oU6xmNsdsd3nHJg+NNG9xai4bunR4qdby+Th6kr5lQCFNAxuwAWXdTOXiXa2ZsCk0TKVIoDG3Y6LuAzR1C3Qf1pEI5sHjWHm/ElBmnQvqCT2zP79PkZMaRLgno7/Odcdqc5iOreSqMb11IynatsVsSS0vWt5O9NxCdqRFr+fm/e1bnyt8VTRf8cb1pYb0SjmES5whGCLzEdEfIs6hVC3m+X+MlsCMNxeKpTJHWdyGw6LaDFZSDUnvMuWhwEcFeOkFzPmyeTZK7ikjAGmaVy/oThYquF3H+lxAs1V3b054O83rZU5iv4Nedbul6X++LD8R0OJiC+w/tLf7RjSdwPObwmeYSvCS95NxxpwQneqjrh8/ToxkGn9r4xb9hssANZhqzZesYcsIgLAfWseIlO6O6u/FboGC4W4Pc3G0mIgRi3ho8NHtV37bb1HikrKsA4MhbK8kXZLVkTdaRQkGY0draRvUAZQJ9d3tfz6kaXQl9Lv0BzVh21tV72wcyE1RF1zXQQ== czo@dalmore
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDeG+qnGfOvkZjn19m/3h1uU7ovu+yUfxxFPoaeCVFKG095fH6FvCuUdVygp7CX2pCZMCaEAT1TE8n0+6qIhD4wpV1SUTsrsC5nUxc8mVgDMlQbJ5aNgUxIDx+aZawXpx3qYwcW1jDrWc0GnjcAhj8EG3GXetIchOSEp2jOa6m1SFA41QVk26LkCHMNXxbNKr65Ip8WEh/mY8eTIyrTnNZVSp6AdodmU/M5MWzbmkmOk/VNKg7dhOvpcfzu6VqB9ZCwDl6ryWp4waJIbl81HnsZu/HcyIwV0qmRHdSf1J1IywkwK0H7wJFf7lNUpZXkhAdIr0B7jZOUEJ7ERAtZoiYfItsJSsk8B5fH3sVpW1RRNOwTWTKs3FKYfiiB9tryJPHWg5hktUh9R2xKSgdEdvyg3mbyBuYRtjLqhicup+t8P1Ewo3Q0/mjMyuORl+pkAuCAqwF248ATilPbV67lyzJLVUbt8rs+K9dafTdVBOrjXef14jQ+0bbHbUWkpn99zlU4+QzXkub920kX68lvYNnVxG+R3mnR9aDy9/8a0dbzwimbvln7K2oC5uQJNG6wZYHWK5LUaXeAMM+ziBT3KeOmlSIbwBHDt3AYFiSmm01Cv8Zqzpr219hmxNxBOkbBY2t1VpL+XAydXaRgSoXnsaJ+3HIpB6/It7oV7kK+HAwJuw== root@dalmore

# ipgp
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1pgf7e+gh3Ywe1rxOSqnyaq1sQBnSgRFsiZaAWjovBTK1JltKgzmDY6ipNj/6zv106mugogrIlE1BrWDtqahfMdEkahquBBeSCnRJgm3FcD31UWctwBMdaRRrgJU1oFkzx5ECu9vqokCBFnIEF6UZb4spJ9PEjJEnyFJ6t8lvSoVeQ42iW6Og/5B/6f2O60XEMcqo1reRGEAV+znkYC42kS9ZsgZCIznram28RKmN+k5T0vN849kXBQCnMrCOm031IUNsiQbLkUKgEhbiRbaUB4S5sAtnEpVtqILcVCy0CyfPLhspUzN+b74u/bZfay2S3yoGBMqeIw8fN1nY20XSz8TqcuDNtLGHmICyRxnNiV08Y6fhya6ajIjl1nVxCkoo0g7/RkDdqr7YGUdc+HiVY36hqtaFDTWIHT1H1BGScdhfME8IN3e8uHD3WPlKuhBhuFJuMdZiia3k70sl1D5XcFoVQiRckNk5YObDyk75aZ7PbybhXxMD3tzBofQzpPnHbfsnBTZFLFpQHlm63wEjojqoxd24BgRE8JGZE9dTo+1CFmzmvHYyZp9bg44fL3LGnDXtdn1z9CjRx3Y+spiCbXKYCQSFmPocoBS6pHQGO6wfwBf7RmFHbBq6WYsNzyFwfQsbvC7yJNlFrJznkkB81s4ZFB+NQfrzOdfQB/S18w== czo@bunnahabhain
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCxcaXJWMUucnrYd3oRWLZ1e/ur4knE1KeKXXYiwr3u9yVXepKTVLEnzSP0pvkzSqelXbVGzSmCxOMdvX8LjnBEOdGddnWBbi1AAVVfYMm6+PWag92cjwcgHB7Nx6DQbAxX8d4ke2B2Tk8P4btqNCFRcKwjZo02KoZINassOWn7f03cc8xlqfqCtUoFAKPcliF3EFppmYw/8CWBgvQL8PcPnxDKiPTO4L4cLK8e4tCg0UKzr1dr8dpTkCXg9REjuGqfIpRAbERzVqg8l266eRn/nlsaWSU9sPH5rY9B0R314QaJNGTfmRoOlj9U4CQBSLA3P5gf0klyK/LR1Xc7XTQYe4X4qrShQa3OmzZBv87MBz2mEF7hstXMigUtjfqkVSKbygiwdlfAa3GQUpNzLZWxj2gAXR1KLdVFx9IGOL7D6TQy2XymUfO3iS6hoBRGnmbbiVY/aXGdLjKOkSNahtUZvPJTc6yrLSGNAjzxr1IVzv6IJlsbwR/YeznDvTa4/OldM2dbfKtG6I5moEF/4wSqzye9UPdZdW7fZURGz9aSixntX5GKJj1L/3aHAGNCa2IOfxR8cwp0qb6YbWFbUUmz+dtdSFhDgD01V4Gwes441an9sP30CC4l9QXwm7M6B0w1Fu7J4Jk+2SOjGgii17VcJ0AQ7LvCs/c/51sGDXyl0Q== root@bunnahabhain

EOF
chmod 600 .ssh/authorized_keys


cat << 'EOF' >> .ssh/config
# Filename: config

## CHEZWAM's PROXIES

# bunnahabhain
Host *+b
 VerifyHostKeyDNS no
 ProxyCommand ssh -p52022 root@lartha nc $(echo %h | sed 's/+.*//') %p

# aberlour
Host *+a
 VerifyHostKeyDNS no
 ProxyCommand ssh -p40022 root@lartha nc $(echo %h | sed 's/+.*//') %p

# geoscoperd
Host *+g
 VerifyHostKeyDNS no
 ProxyCommand ssh -p51022 root@lartha nc $(echo %h | sed 's/+.*//') %p

# lartha
Host *+l
 VerifyHostKeyDNS no
 ProxyCommand ssh -p42022 root@czo.wf nc $(echo %h | sed 's/+.*//') %p

# cvs on dalmore
Host dalmorechezwam
 VerifyHostKeyDNS no
 ProxyCommand ssh -p42022 root@czo.wf nc dalmore %p

## CHEZWAM

Host czo-rutxr1 pel-rutxr1
 Port 222

Host czophone10 czo-taba matphone
 Port 8022

# Host test* debian* ubuntu* centos* fedora* arch* freebsd*
#  StrictHostKeyChecking no

Host centos5 debian4 debian3-1 solaris10 opensolaris
 KexAlgorithms diffie-hellman-group1-sha1

Host sb-armand sb-marion sb-sdb gp-fedora1 gp-fedora5 fedora1 fedora5 redhat72 redhat8
 Ciphers aes256-cbc
 KexAlgorithms diffie-hellman-group1-sha1

Host freebsd5
 ## openssh-9.8p1-1: no matching host key type found. Their offer: ssh-dss
 # HostKeyAlgorithms ssh-dss
 KexAlgorithms diffie-hellman-group1-sha1

## DHCP
Host chezwam-* 192.168.0.1  192.168.1.1
 UserKnownHostsFile /dev/null
 StrictHostKeyChecking no

## THE REMAINDER

Host *
 Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
 # dalmore from openvpn
 # KexAlgorithms curve25519-sha256
 NoHostAuthenticationForLocalhost yes
 StrictHostKeyChecking ask
 HashKnownHosts no
 GSSAPIAuthentication no
 ServerAliveInterval 29
 ServerAliveCountMax 3
 ForwardX11 yes

EOF
chmod 600 .ssh/config