hubert depesz lubaczewski
2015-Nov-18  10:25 UTC
How to add configuration (~/.ssh/config) per ip?
Hi,
at work we have hundreds of machines, and for various reasons, their
hostnames (with domain) do not reflect their physical location.
This means that for host "a.bb.cc" I have to go through jump host
"jump1.bb.cc", and for "c.bb.cc" I have to go through jump host
"jump2.bb.cc".
Which jump host should be used can be deduced by IP, but it looks that
rules like:
Host 10.1.*
    ProxyCommand ssh -W %h:%p jump1.bb.cc
Are not being applied when I just:
ssh a.bb.cc
Is there any way to make ssh apply rules both based on name and based on
ip?
I could, of course, add special rule for each hostname, but that would
mean that my ~/.ssh/config will be huge, and constantly change (new
hosts added, old hosts removed).
Best regards,
depesz
-- 
The best thing about modern society is how easy it is to avoid contact with it.
                                                             http://depesz.com/
On 11/18/2015 11:25 AM, hubert depesz lubaczewski wrote:
> Hi,
> at work we have hundreds of machines, and for various reasons, their
> hostnames (with domain) do not reflect their physical location.
> This means that for host "a.bb.cc" I have to go through jump host
> "jump1.bb.cc", and for "c.bb.cc" I have to go through jump host
> "jump2.bb.cc".
>
> Which jump host should be used can be deduced by IP, but it looks that
> rules like:
>
> Host 10.1.*
>     ProxyCommand ssh -W %h:%p jump1.bb.cc
>
> Are not being applied when I just:
>
> ssh a.bb.cc
>
> Is there any way to make ssh apply rules both based on name and based on
> ip?
>
> I could, of course, add special rule for each hostname, but that would
> mean that my ~/.ssh/config will be huge, and constantly change (new
> hosts added, old hosts removed).

You can write a script that applies any rules you may have, or even
query some database to generate on the fly and exec'ute the correct
proxycommand.

Something similar to:

Host 10.1.*
    ProxyCommand connect-through-gateway %h %p

where "connect-through-gateway" is that script.
hubert depesz lubaczewski
2015-Nov-18  12:31 UTC
How to add configuration (~/.ssh/config) per ip?
On Wed, Nov 18, 2015 at 01:26:20PM +0100, Salvador Fandino wrote:
> Something similar to:
>
> Host 10.1.*
>     ProxyCommand connect-through-gateway %h %p
> where "connect-through-gateway" is that script.

Thanks. Somehow it totally slipped my mind that I can script it.

Best regards,
depesz
-- 
The best thing about modern society is how easy it is to avoid contact with it.
                                                             http://depesz.com/
hubert depesz lubaczewski wrote:
> Is there any way to make ssh apply rules both based on name and based on
> ip?
>
> I could, of course, add special rule for each hostname, but that would
> mean that my ~/.ssh/config will be huge, and constantly change (new
> hosts added, old hosts removed).

Remember that you can use shell commands. So, assuming from your example
that the second IP octet determines the jump host, you could do:

Host *.bb.cc
    ProxyCommand ssh -W %h:%p jump$(dig +short %h|cut -d. -f 2).bb.cc

Best regards
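
The script approach from the two replies above, as an added example (not code posted by anyone in the thread): a hypothetical "connect-through-gateway" that resolves %h, accepts only a well-formed IPv4 address from the dig output before acting on it, and picks the jump host by address prefix. The 10.2.* mapping and the assumption that the jump hosts themselves are reachable directly are assumptions, not from the thread.

```shell
#!/bin/sh
# connect-through-gateway (hypothetical name), used from ~/.ssh/config as:
#   ProxyCommand connect-through-gateway %h %p

# True only for a dotted-quad IPv4 address (four octets, each 0-255).
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the first IPv4 address read from stdin. `dig +short` may also print
# CNAME targets, several addresses, or nothing at all.
first_ipv4() {
    while IFS= read -r line; do
        if is_ipv4 "$line"; then
            printf '%s\n' "$line"
            return 0
        fi
    done
    return 1
}

# Map an address to its jump host. The 10.1.* rule is from the thread;
# the 10.2.* rule is an assumed example.
jump_for_ip() {
    case "$1" in
        10.1.*) echo jump1.bb.cc ;;
        10.2.*) echo jump2.bb.cc ;;
        *) return 1 ;;
    esac
}

if [ "$#" -eq 2 ]; then
    host=$1 port=$2
    if is_ipv4 "$host"; then
        ip=$host
    else
        ip=$(dig +short A "$host" | first_ipv4) ||
            { echo "no IPv4 address for $host" >&2; exit 1; }
    fi
    jump=$(jump_for_ip "$ip") ||
        { echo "no jump host known for $ip" >&2; exit 1; }
    # ProxyCommand=none keeps a Host pattern that also matches the jump
    # host (such as *.bb.cc) from invoking this script again.
    exec ssh -o ProxyCommand=none -W "$host:$port" "$jump"
fi
```

Failing closed when the lookup returns no address or an unmapped prefix means ssh reports an error instead of connecting through an unintended host.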