# eg, in an ssh shell. confirm for regular user provides some protection
# that a rouge user program cant use my ssh key.
sed 's,^AddKeysToAgent confirm,AddKeysToAgent yes,;/^UserKnownHostsFile /d' $user_ssh_dir/config >/root/.ssh/confighome
- sed 's,^IdentityFile ~/\.ssh/home$,IdentityFile ~/\.ssh/h,' /root/.ssh/confighome >/root/.ssh/config
+ # having a different control path avoids the problem of
+ # forgetting to use confighome, and then after specifying it,
+ # it uses the multiplex socket, which means that the different
+ # key in confighome is not actually used unless we do ssh -O exit HOST.
+ sed 's,^IdentityFile ~/\.ssh/home$,IdentityFile ~/\.ssh/h\nControlPath /tmp/ssh_hmux_%u_%h_%p_%r,' /root/.ssh/confighome >/root/.ssh/config
fi
chown -R root:root /root/.ssh
cp -p /root/.ssh/authorized_keys $auth_file
update-initramfs -u -k all
fi
+
+rsync -tpur /p/c/subdir_files/.dsh /root