vm-skills/operator-bootstrap/templates/ssh_config.tpl

# SSH Configuration Template
# Generated by operator-bootstrap
# Variables: {{NODE_NAME}}, {{NODE_IP}}, {{DOMAIN}}, {{OPERATOR_USER}}

# Direct SSH to node (when on same network)
Host {{NODE_NAME}}
    HostName {{NODE_IP}}
    User {{OPERATOR_USER}}
    IdentityFile ~/.ssh/id_ed25519_{{NODE_NAME}}
    IdentitiesOnly yes
    ForwardAgent no
    AddKeysToAgent yes

# SSH via Cloudflare Tunnel (remote access)
Host {{NODE_NAME}}-tunnel
    HostName ssh.{{DOMAIN}}
    User {{OPERATOR_USER}}
    IdentityFile ~/.ssh/id_ed25519_{{NODE_NAME}}
    IdentitiesOnly yes
    ProxyCommand cloudflared access ssh --hostname %h

# Fallback with RSA key (for legacy systems)
Host {{NODE_NAME}}-rsa
    HostName {{NODE_IP}}
    User {{OPERATOR_USER}}
    IdentityFile ~/.ssh/id_rsa_{{NODE_NAME}}
    IdentitiesOnly yes
    PubkeyAcceptedAlgorithms +ssh-rsa
    HostkeyAlgorithms +ssh-rsa