SSH config notes

Some examples from my .ssh/config file.

All my automatically installed Raspberry PIs are in the same tinc within the same group of ten. I use archlinuxarm, so I want to use the user alarm as my default. The IP address range is from .20 to .29.

  User alarm

On the rare occasion I have to manually create an AWS server, I need this.

Host manual-aws-server
  User ubuntu
  IdentityFile ~/.ssh/given-certicate.pem

Login with custom user, custom port and specific certificate only for this system.

Host custom
  HostName custom.local
  User username
  Port 8022
  IdentityFile ~/.ssh/custom-local-id_ed25519

Raspberry DNS problems with ArchLinuxARM and DNSSEC

Some of my Raspberry PIs are offline for some days/weeks. After that the system time is off big time.

I thought: We have systemd-timesyncd. That should be fixed after a few minutes. But DNSSEC doesn't work when the time is off this much.

Problem analysis

For example: ping results in

ping: Name or service not known

But dig works. (When you have it installed! Not the default on archlinuxarm.)

The log in the systemd journal helps here:

DNSSEC validation failed for question IN A: signature-expired

And the same for all the ntp domains:

DNSSEC validation failed for question IN DS: no-signature

Possible solutions

a) use an IP address in timesyncd config

Add some of the ntp ip addresses to /etc/systemd/timesyncd.conf


After that restart timesyncd with systemctl restart systemd-timesyncd.

But the timesyncd always gets a time out:

systemd-timesyncd[295]: Timed out waiting for reply from (

b) disable dnssec in resolved

Add this line at the end of /etc/systemd/resolved.conf:


After that restart resolved with systemctl restart systemd-resolved.

And after some minutes and the next update from timesyncd you have the correct system time again.


Disabling DNSSEC is not what I wanted, but atm I don't see another way to solve this reliably.

Raspberry PI tty1 monitor autostart

We wanted to show a logfile on a display connected to a Raspberry PI.

As described in we created the file: /etc/systemd/system/getty@tty1.service.d/override.conf with this content:



The script started by systemd gets the current file in /home/pi/logs and tails it:

  cd /home/pi/logs
  sleep 10
  fn=$(ls -t1 | head -n1)
  tail -F ${fn}

To reload and enable the service:

systemctl daemon-reload
systemctl restart getty@tty1.service