Monday, November 25, 2019

SSH config

A simple per-user configuration file with lots of possible combinations is the $HOME/.ssh/config file.
This file is located in the user's home directory, if the user has created one. If not, you can create your own and start to define the SSH keys required to log on to particular hosts, the user you log on as, and lots more.

Example of defining a key and user for a specific host:

Host jenkins.tps.co.uk
  User ec2-user
  IdentityFile ~/.ssh/steve-jenkins.pem
  StrictHostKeyChecking no

The above entry would log you on as ec2-user using the steve-jenkins.pem key located in the .ssh directory inside the user's home directory. It also suppresses the fingerprint prompt through StrictHostKeyChecking no, which means the host key is accepted without being verified.


Example of using a bastion/jump host:

Host bastion.tps.co.uk
  User admin
  StrictHostKeyChecking no
  ControlPersist 5m
  IdentityFile ~/.ssh/bastion.pem
Host 172.31.10.20
  User admin
  StrictHostKeyChecking no
  ProxyJump bastion.tps.co.uk

This makes it possible to SSH to the 172.31.10.20 host in the cloud through the host called bastion.tps.co.uk, logging on as admin with the bastion.pem file in the user's .ssh directory. The ControlPersist sets a timeout of 5 minutes, where you will be logged out if no activity occurs for 5 minutes.
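
Both configurations above set StrictHostKeyChecking no, which turns off the check that detects a substituted or changed host key. The following is an added example, not part of the original post: a small audit that lists the blocks in an ssh_config file where that check is disabled. The function names and the hardened.example.internal block are assumptions made for illustration.

```shell
# Added example: report ssh_config blocks that disable host key checking.
# audit_ssh_config FILE
# Prints "<scope>: StrictHostKeyChecking <value>" for each block that sets
# the option to no/off. Returns 1 if any were found, 0 otherwise.
audit_ssh_config() {
    awk '
        BEGIN { scope = "(global)"; bad = 0 }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (line == "" || line ~ /^#/) next       # blank or comment
            # ssh_config accepts "Keyword value" and "Keyword=value"
            if (!match(line, /[ \t]*[= \t][ \t]*/)) next
            key = tolower(substr(line, 1, RSTART - 1))
            val = substr(line, RSTART + RLENGTH)
            sub(/[ \t]+$/, "", val)
            gsub(/"/, "", val)                        # values may be quoted
            if (key == "host" || key == "match") {    # a new block starts
                scope = (key == "host" ? "Host " : "Match ") val
                next
            }
            if (key == "stricthostkeychecking" && tolower(val) ~ /^(no|off)$/) {
                print scope ": StrictHostKeyChecking " val
                bad = 1
            }
        }
        END { exit bad }
    ' "$1"
}

# Constructed sample: the bastion blocks from the post (trimmed) plus one
# hardened block whose host name is a placeholder, not from the post.
sample_config() {
    cat <<'EOF'
Host bastion.tps.co.uk
  StrictHostKeyChecking no
Host 172.31.10.20
  stricthostkeychecking=no
  ProxyJump bastion.tps.co.uk
# Hardened: accept a key on first contact, refuse if it later changes
Host hardened.example.internal
  StrictHostKeyChecking accept-new
EOF
}

tmp=$(mktemp) && sample_config > "$tmp"
audit_ssh_config "$tmp" || echo "review the blocks listed above"
rm -f "$tmp"
```

Run against the sample, it reports the bastion.tps.co.uk and 172.31.10.20 blocks and leaves the accept-new block alone.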

Using the SSH command line through a bastion to another host:
ssh -i ${privatesshkeyfile} -A user@${bastionnameorip} ssh ${farsidehost}