1. 17
  1. 2

    A helpful and thorough exploration of some useful SSH options–including ProxyJump, which I was not aware of.

    It is hosted on the blog of a company that has products built in this space, but without a nice CTA in the article and with enough info it’s kinda useful. As always, please flag aggressively if you find it to be content marketing.

    1. 5

      > Given that keys are largely antiquated

      … is something of a hot take!

      1. 1

        Yes, had a good snort when I read that. I think the author must have meant manual management of keys or something.

        SSH certs are terrific but they are not suitable for every single environment.

      2. 1

        We had to use this at the university to access our vSphere box.

        ```
        Host 192.168.11.*
            ProxyJump      bastion
            User           ubuntu
            IdentityFile   ~/.ssh/bastion

        Host eb2-32*** bastion
            Hostname       eb2-***
            Port           ***
            User           ubuntu
            IdentityFile   playbooks/keys/dockerize-test-harness
        ```

        One thing I found useful is if you didn’t want to spam your local ~/.ssh/config with this sort of stuff, you can pass this to ssh with the -F option:

        ```
        ssh -F ssh.vsphere 192.168.11.1
        ```
      3. 1

        Missing my favorite feature, connection multiplexing: https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Multiplexing

        ```
        Host *
            ControlMaster auto
            ControlPath ~/tmp/ssh-%r@%h:%p
        ```

        Every ssh connection to the same host after the first piggybacks on the first one and login is quicker.

        Downside: if you work with jumphosts and/or a lot of port forwards it’s annoying.

        And TIL: https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Multiplexing#Port_Forwarding_After_the_Fact
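
An added example, not part of the thread above: any process that can connect to a ControlMaster socket can open new sessions over the already-authenticated connection, so ssh_config(5) recommends that ControlPath include %h, %p and %r (or %C) and live in a directory other users cannot write to. The hypothetical `audit_controlpath` function below checks a config file (such as the one passed with `-F`) for both; it assumes one whitespace-separated `ControlPath <value>` per line.

```shell
#!/bin/sh
# audit_controlpath CONFIG
# Prints one finding per line; returns 1 if any ControlPath is risky.
audit_controlpath() {
    cfg=$1
    rc=0
    # ssh_config keywords are case-insensitive.
    paths=$(awk 'tolower($1) == "controlpath" { print $2 }' "$cfg")
    while read -r p; do
        [ -z "$p" ] && continue
        [ "$p" = "none" ] && continue          # multiplexing disabled
        # The socket name should identify user, host and port (%r %h %p),
        # or use %C (a hash of them), so sockets never collide.
        case $p in
            *%C*) ;;
            *) for t in %r %h %p; do
                   case $p in
                       *"$t"*) ;;
                       *) echo "WEAK-NAME $p lacks $t"; rc=1 ;;
                   esac
               done ;;
        esac
        # Expand a leading ~/ the way ssh would for the current user.
        case $p in "~/"*) p="$HOME/${p#"~/"}" ;; esac
        dir=$(dirname "$p")
        if [ ! -d "$dir" ]; then
            echo "MISSING $dir"; rc=1; continue
        fi
        # Flag group- or world-writable socket directories (e.g. /tmp).
        perms=$(ls -ldL "$dir" | cut -c1-10)
        case $perms in
            ?????w????|????????w?) echo "WRITABLE $dir ($perms)"; rc=1 ;;
        esac
    done <<EOF
$paths
EOF
    return $rc
}

# Stand-alone use: sh audit.sh ~/.ssh/config
if [ "$#" -gt 0 ]; then audit_controlpath "$1"; fi
```

For the `~/tmp/ssh-%r@%h:%p` setting quoted above, the check passes once `~/tmp` exists with mode 700.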