There are situations —like working with Ansible— where naming hosts is paramount so that everything is organized, readable and explicit. This implies the whole team settles on a naming convention.
Alas (for the vision of one man lends not its wings to another man), the team members sometimes can't agree on such a convention, ending with:
Ansible inventory file (common to all team members, usually shared via Git), with a single naming convention:

```
apache ansible_host=platformA_apache
mysql ansible_host=platformA_mysql
```

The same inventory file with multiple naming conventions:

```
apache ansible_host=xyzABC_123-j_054
mysql ansible_host=xyzABC_123-j_012
```

~/.ssh/config (not shared with the team), with a single naming convention:

```
Host platformA_*
    User kevin
    ProxyCommand ssh bastion -W %h:%p
    IdentityFile ~/.ssh/myPrivateKey
    AddKeysToAgent yes
    StrictHostKeyChecking no

Host platformA_apache
    HostName 192.168.0.45

Host platformA_mysql
    HostName 192.168.0.46
```

~/.ssh/config with multiple naming conventions:

```
Host platformA_* xyzABC_123-j_*
    User kevin
    ProxyCommand ssh bastion -W %h:%p
    IdentityFile ~/.ssh/myPrivateKey
    AddKeysToAgent yes
    StrictHostKeyChecking no

Host platformA_apache xyzABC_123-j_054
    HostName 192.168.0.45

Host platformA_mysql xyzABC_123-j_012
    HostName 192.168.0.46
```
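An added example (not part of the original page): a small resolver that applies OpenSSH's `Host` pattern matching and first-value-wins rule to the multi-convention config above. It shows that both aliases resolve to the same settings and reports when those settings weaken host key verification, as `StrictHostKeyChecking no` does here. The function names are hypothetical, `fnmatch` stands in for ssh's own `*`/`?` matching, and every keyword is treated as first-value-wins.

```python
import fnmatch

# Added example: function names are illustrative; fnmatch approximates ssh's matching.
# Sample input: the "multiple naming conventions" ~/.ssh/config from this page.
SAMPLE_CONFIG = """\
Host platformA_* xyzABC_123-j_*
    User kevin
    ProxyCommand ssh bastion -W %h:%p
    IdentityFile ~/.ssh/myPrivateKey
    AddKeysToAgent yes
    StrictHostKeyChecking no
Host platformA_apache xyzABC_123-j_054
    HostName 192.168.0.45
Host platformA_mysql xyzABC_123-j_012
    HostName 192.168.0.46
"""

def host_matches(alias, patterns):
    """True if any pattern matches and no '!'-negated pattern matches."""
    negated = [p[1:] for p in patterns if p.startswith("!")]
    positive = [p for p in patterns if not p.startswith("!")]
    if any(fnmatch.fnmatchcase(alias, p) for p in negated):
        return False
    return any(fnmatch.fnmatchcase(alias, p) for p in positive)

def resolve(config_text, alias):
    """Effective options for alias; the first value obtained for a keyword wins."""
    options, active = {}, True  # lines before the first Host apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, value = (line.split(None, 1) + [""])[:2]
        if keyword.lower() == "host":
            active = host_matches(alias, value.split())
        elif active:
            options.setdefault(keyword.lower(), value)
    return options

def host_key_findings(options):
    """Resolved settings that weaken host key verification for this host."""
    findings = []
    if options.get("stricthostkeychecking", "").lower() in ("no", "off"):
        findings.append("StrictHostKeyChecking " + options["stricthostkeychecking"])
    if options.get("userknownhostsfile") == "/dev/null":
        findings.append("UserKnownHostsFile /dev/null")
    return findings
```

Calling `host_key_findings(resolve(SAMPLE_CONFIG, alias))` for each alias in the inventory lists the hosts that will connect without a verified host key.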
On its own, SSH is not able to use a proxy in order to access external computers.
To do so, you'll need an extra application to tunnel TCP connections through an HTTP proxy supporting the CONNECT method: here comes corkscrew.
With corkscrew:

```
Host sshServer
    HostName 12.34.56.78
    User stuart
    IdentityFile ~/.ssh/myPrivateKey
    ProxyCommand corkscrew proxy.myCompany.tld proxyPort %h %p ~/.corkscrew
```

With connect-proxy:

```
Host sshServer
    HostName 12.34.56.78
    User stuart
    IdentityFile ~/.ssh/myPrivateKey
    ProxyCommand connect-proxy -H http://otherProxy.mycompany.tld:proxyPort %h %p
    ServerAliveInterval 120
```

See: source, man page
```
Host 172.17.*
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null
    LogLevel QUIET
```
```
ssh -At {REF:U@I:C03D4B434F400B4C843F682A994B0A02}@{REF:A@I:C03D4B434F400B4C843F682A994B0A02}{ENTER}{DELAY 100}{REF:P@I:C03D4B434F400B4C843F682A994B0A02}{ENTER}
ssh -At {USERNAME}@{URL}{ENTER}{DELAY 100}{PASSWORD}
```
`{whatever}` placeholders will be replaced by the value of the named variable, key or action:

USERNAME
: username of the current entry

REF:U@I:C03D4B434F400B4C843F682A994B0A02
: reference to the value of another entry (details)

ENTER
:

```
# Host 10.201.95.197 found: line 124
/home/kevin/.ssh/known_hosts updated.
Original contents retained as /home/kevin/.ssh/known_hosts.old
```
```
Host sshTarget
    User stuart
    ProxyCommand ssh %r@sshHop -W %h:%p
```
You'll need PuTTYgen and this procedure to generate a private (keyName.ppk) + public (keyName.pub) key pair in the PuTTY format.
The public key is a text file such as :
```
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "this-is-my-key"
AAAAB3NzaC1yc2EAAAABJQAAAIBH+WrDPd3hTZMmZCIfn0olQYDkU3ay/GzSwsoq
gZe1NzNeUMIt45dYI6SoM2JTog8Qm04pyzb1FkB2N35TpNanY5B8fmtkVc/s4Dmp
7n++56VhU6gcceeuVTZuGwgJ17+CrmoAcBogHgR1Wwb32UJNsVXYs2TIzqlZa4n/
3GB0uw==
---- END SSH2 PUBLIC KEY ----
```

It contains a header line + a comment + the public key itself + a footer. You can convert it into the OpenSSH format:
ssh-rsa public key comment (usually the owner ID)
As these commands use `~` (which the shell expands to the current user's home directory), run them as the user owning that directory.
```
# Append the alias to ~/.bashrc, then reload it in the current shell
echo "alias ssh='ssh -i ~/.ssh/id_rsa'" >> ~/.bashrc && source ~/.bashrc
```