Hi,

I'm very grateful for the new ProxyJump option. It helps tremendously!

One small question I'd like to ask, though: Is there a way to skip one (mostly the first) jump host if the machine is in some specific network?

For example, from home, I (resp. a shell script) need to jump to the office's server, a customers' login host, and then to the destination node; from the office I could skip the first jump.

I'm aware of the "Match" keyword in .ssh/config; but I don't see how I could use that here, as I cannot check for the locally configured IP address or network to find out "where" I am.

Interactively I could easily append some marker (like ".office"), match on that, and hopefully just have a ProxyJump to the office's server in that stanza; but within scripts that's a bit awful.

Is there a way to get that working?

Thanks for all help, ideas and hints.

On 2016-08-12, Philipp Marek <philipp.marek at linbit.com> wrote:

> I'm aware of the "Match" keyword in .ssh/config; but I don't see how
> I could use that here, as I cannot check for the locally configured
> IP address or network to find out "where" I am.

Match exec

    The exec keyword executes the specified command under the user's shell. If the command returns a zero exit status then the condition is considered true. Commands containing whitespace characters must be quoted. The following character sequences in the command will be expanded prior to execution: [...]

--
Christian "naddy" Weisgerber naddy at mips.inka.de

On Fri, Aug 12, 2016 at 7:39 PM, Philipp Marek <philipp.marek at linbit.com> wrote:

> For example, from home, I (resp. a shell script) need to jump to the
> office's server, a customers' login host, and then to the destination
> node; from the office I could skip the first jump.
>
> I'm aware of the "Match" keyword in .ssh/config; but I don't see how
> I could use that here, as I cannot check for the locally configured
> IP address or network to find out "where" I am.

Match exec, put your detection logic in a script, and have two ProxyJump config lines?

--
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

> > For example, from home, I (resp. a shell script) need to jump to the
> > office's server, a customers' login host, and then to the destination
> > node; from the office I could skip the first jump.
> >
> > I'm aware of the "Match" keyword in .ssh/config; but I don't see how
> > I could use that here, as I cannot check for the locally configured
> > IP address or network to find out "where" I am.
>
> Match exec, put your detection logic in a script, and have two
> ProxyJump config lines?

Great, thanks. I seem to have not understood the man page correctly ;/

Thanks a lot!

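One way to write the detection script that the "Match exec" replies above suggest, as an added example that is not part of the thread. The office range 192.0.2.0/24, the host aliases office-gw and customer-login, the script path ~/bin/on-office-net and the use of Linux iproute2 are all assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: Linux with iproute2,
# office network 192.0.2.0/24, host aliases office-gw and customer-login,
# script installed as ~/bin/on-office-net.
#
# ~/.ssh/config (the first value obtained for ProxyJump wins):
#   Match host *.behind.jump.host exec "~/bin/on-office-net 192.0.2.0/24"
#       ProxyJump customer-login
#   Match host *.behind.jump.host
#       ProxyJump office-gw,customer-login

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Exit 0 if address $1 lies inside CIDR $2.
ip_in_cidr() {
    net=${2%/*}; bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# Exit 0 if any of the addresses after the CIDR is inside it.
on_network() {
    cidr=$1; shift
    for a in "$@"; do
        ip_in_cidr "$a" "$cidr" && return 0
    done
    return 1
}

# Global-scope IPv4 addresses configured on this machine, one per line.
local_addrs() {
    ip -4 -o addr show scope global | awk '{ sub(/\/.*/, "", $4); print $4 }'
}

# Invoked with a CIDR argument: the exit status is what Match exec tests.
if [ "$#" -ge 1 ]; then
    on_network "$1" $(local_addrs)
    exit $?
fi
```

The check looks only at locally configured addresses, so any network that reuses the office range also satisfies it, in which case ssh skips the first jump.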
Another question: How would I define "ControlPersist" for the first ProxyJump host? I.e. is it possible to get one persistent connection to the jump hosts, and to reuse them via ProxyJump?

I tried to use

    Host *.behind.jump.host
        ProxyJump <user>@<first-jump-host>,<next-jump-hop>

    Host <first-jump-host>
        User <user>
        ControlMaster auto
        ControlPersist yes

but it doesn't work that way.

Thank you for all hints!