You Should Switch to ProxyCommand With SSH
SSH forwarding is great, but ProxyCommand lets you actually script how to make multiple jumps to get to a box.
To set it up, do the following:
- Copy your public key to all the places you want it
- You may want to put your public key in Puppet, but if you put your private key in Puppet, then everyone with access to Puppet can see it, so... no
- vim .ssh/authorized_keys and paste your public key there
- On your laptop, create a file that looks like the following file at
    # This creates a host aliased to "jump"; now you can "ssh jump"
    Host jump
        # This means "ssh to this box using foo"
        # Using the Hostname (%h) and Port (%p) you're using anyway, and passing stdio directly through (-W) but hiding errors (-q)
        ProxyCommand ssh -q -W %h:%p foo

    Host logrepo
        # Note that you're using the named jump box above to go here
        # SSH will resolve everything in the chain, so it figures out you need jump, jump needs foo, and does all those sshes to get there
        # Fun fact, -W means that this works for scp as well as ssh
        ProxyCommand ssh -q -W %h:%p jump
- You can now ssh directly to
logrepo, etc. without hitting multiple jump boxen.
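To check which boxes an alias will route through before you connect, here is an added example (not from the original post) that parses a config written in the style above and walks the ProxyCommand chain, rejecting loops. The function names and the sample config are constructed for illustration, and it assumes the hop is the last argument of each `ssh ... -W %h:%p <hop>` command.

```python
import re
import shlex

# Constructed sample config in the style of the post (comments on their own lines).
SAMPLE_CONFIG = """\
Host jump
    ProxyCommand ssh -q -W %h:%p foo

Host logrepo
    ProxyCommand ssh -q -W %h:%p jump
"""

def parse_proxy_hops(config_text):
    """Map each literal Host alias to the hop named in its ProxyCommand."""
    hops, current = {}, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Keyword value" or "Keyword=value"
        if len(parts) != 2:
            continue
        keyword, value = parts[0].lower(), parts[1]
        if keyword == "host":
            # Track literal aliases only; wildcard and negated patterns are skipped.
            current = [p for p in value.split() if not re.search(r"[*?!]", p)]
        elif keyword == "match":
            current = []  # Match blocks are out of scope for this sketch
        elif keyword == "proxycommand":
            # The command is handed to the user's shell, so drop any trailing "#" comment.
            argv = shlex.split(value, comments=True)
            if argv[:1] == ["ssh"] and "-W" in argv:
                for alias in current:
                    hops.setdefault(alias, argv[-1])  # first value obtained wins
    return hops

def resolve_chain(hops, target):
    """Return the hosts ssh connects through, first hop first, ending at target."""
    chain = [target]
    while chain[-1] in hops:
        nxt = hops[chain[-1]]
        if nxt in chain:
            raise ValueError("proxy loop: " + " -> ".join(chain + [nxt]))
        chain.append(nxt)
    return chain[::-1]

if __name__ == "__main__":
    print(" -> ".join(resolve_chain(parse_proxy_hops(SAMPLE_CONFIG), "logrepo")))
```

Every host in the returned chain is a box your session passes through, so each one needs your public key in its authorized_keys.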