Page Menu
Home
Phabricator
Search
Configure Global Search
Log In
Files
F39355
ssh_configuration
No One
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Authored By
hashar
Feb 11 2015, 4:07 PM
2015-02-11 16:07:25 (UTC+0)
Size
1 KB
Referenced Files
None
Subscribers
None
ssh_configuration
View Options
# Content of hashar ~/.ssh/config
# Default key:
IdentityFile ~/.ssh/general_key.pub
# Production realms
Host *.wikimedia.org *.wmnet
# Key dedicated to Wikimedia production
IdentityFile ~/.ssh/wmf_id_rsa.pub
IdentitiesOnly yes
StrictHostKeyChecking yes
# I fetch the list of known hosts from tin. In my bashrc:
#
# function update-ssh-known-hosts () {
# echo "Updating ssh known hosts from tin.eqiad.wmnet"
# scp tin.eqiad.wmnet:/etc/ssh/ssh_known_hosts ~/.ssh/known_hosts-wmf
# }
UserKnownHostsFile ~/.ssh/known_hosts-wmf
# My laptop user is something else
User hashar
# For wmf labs
Host *.wmflabs.org
# Key dedicated to wmflabs
IdentityFile ~/.ssh/labs_id_rsa.pub
IdentitiesOnly yes
# My laptop user is something else
User hashar
Host *.wmflabs
# My laptop user is something else
User hashar
# Create a fake host in ssh
Host bastion.eqiad.wmflabs
# Real hostname
Hostname bastion2.wmflabs.org
ProxyCommand none
# Create fake local alias for ssh, let me use: ssh deployment-bastion.eqiad.wmflabs
# the hostname will be recognized by the labs bastion
Host *.eqiad.wmflabs
# Magic command, connect to the labs bastion and forward to whatever host I have asked
ProxyCommand ssh -a -W %h:%p bastion.eqiad.wmflabs
# Similar configuration for production hosts.
# gallium has a public IP but needs to be accessed via a bastion
#
# I can do:
# ssh mw1001.eqiad.wmnet
# ssh on my laptop will connect to bast1001 and from there ask to connect to mw1001.eqiad.wmnet
# which is known to the DNS server there.
Host *.eqiad.wmnet people.wikimedia.org gallium.wikimedia.org
# EQIAD bastion
ProxyCommand ssh -a -W %h:%p bast1001.wikimedia.org
File Metadata
Details
Attached
Mime Type
text/plain; charset=utf-8
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
37542
Default Alt Text
ssh_configuration (1 KB)
Attached To
Mode
P281 Wikimedia ssh client configuration via ProxyCommand
Attached
Detach File
Event Timeline
Log In to Comment