Page MenuHomePhabricator
Paste P281

Wikimedia ssh client configuration via ProxyCommand
ActivePublic
Actions

Authored by hashar on Feb 11 2015, 4:04 PM.
Tags
None
Referenced Files
F39355: ssh_configuration
Feb 11 2015, 4:07 PM
F39351: ssh_configuration
Feb 11 2015, 4:04 PM
Subscribers
zeljkofilipin
# Content of hashar ~/.ssh/config
# Default key:
IdentityFile ~/.ssh/general_key.pub
# Production realms
Host *.wikimedia.org *.wmnet
# Key dedicated to Wikimedia production
IdentityFile ~/.ssh/wmf_id_rsa.pub
IdentitiesOnly yes
StrictHostKeyChecking yes
# I fetch the list of known hosts from tin. In my bashrc:
#
# function update-ssh-known-hosts () {
# echo "Updating ssh known hosts from tin.eqiad.wmnet"
# scp tin.eqiad.wmnet:/etc/ssh/ssh_known_hosts ~/.ssh/known_hosts-wmf
# }
UserKnownHostsFile ~/.ssh/known_hosts-wmf
# My laptop user is something else
User hashar
# For wmf labs
Host *.wmflabs.org
# Key dedicated to wmflabs
IdentityFile ~/.ssh/labs_id_rsa.pub
IdentitiesOnly yes
# My laptop user is something else
User hashar
Host *.wmflabs
# My laptop user is something else
User hashar
# Create a fake host in ssh
Host bastion.eqiad.wmflabs
# Real hostname
Hostname bastion2.wmflabs.org
ProxyCommand none
# Create fake local alias for ssh, let me use: ssh deployment-bastion.eqiad.wmflabs
# the hostname will be recognized by the labs bastion
Host *.eqiad.wmflabs
# Magic command, connect to the labs bastion and forward to whatever host I have asked
ProxyCommand ssh -a -W %h:%p bastion.eqiad.wmflabs
# Similar configuration for production hosts.
# gallium has a public IP but needs to be accessed via a bastion
#
# I can do:
# ssh mw1001.eqiad.wmnet
# ssh on my laptop will connect to bast1001 and from there ask to connect to mw1001.eqiad.wmnet
# which is known to the DNS server there.
Host *.eqiad.wmnet people.wikimedia.org gallium.wikimedia.org
# EQIAD bastion
ProxyCommand ssh -a -W %h:%p bast1001.wikimedia.org

Event Timeline

hashar edited the content of this paste. (Show Details)Feb 11 2015, 4:04 PM
hashar changed the title of this paste from untitled to ssh configuration.
hashar updated the paste's language from autodetect to autodetect.
hashar changed the edit policy from "All Users" to "hashar (Antoine Musso)".
zeljkofilipin subscribed.Feb 11 2015, 4:06 PM
hashar edited the content of this paste. (Show Details)Feb 11 2015, 4:07 PM
hashar awarded a token.Feb 11 2015, 4:20 PM
hashar changed the title of this paste from ssh configuration to Wikimedia ssh client configuration via ProxyCommand.Mar 2 2015, 9:31 AM
Footech mentioned this in T207839: Batch add WO II war memorials to Wikidata .Oct 27 2018, 12:46 PM
OlafJanssen mentioned this in T228405: List properties that are (only) used as qualifiers.Jul 18 2019, 11:03 AM
Jakob_WMDE mentioned this in T264318: Set up store and wire it to text input component.Oct 1 2020, 2:17 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits