Jump to: navigation, search

Ssh forwarding with same config file hack

About the Authors

Other recent contributors

Make this page better by editing it.
Hubbitus

Problem

Recently, today on the past of my work we made decision use ansible for managing our hundreds of hosts. For that purpose, until proper CMDBuild integration will happen was used dedicated inventory hosts file and ssh.config. For make it shareable and placed under git in same project it made standalone.

In ansible.cfg then just mention that like:

  ssh_args = -o ControlMaster=auto -o ControlPersist=60s -F inventory/ssh.config

All works good until happened hosts what require proxy hope. It is one of the best future of ssh configured easy and works great:

 Host app.marrgmain.rgc app.marrg.rgc
    HostName 172.31.12.201
    ProxyCommand ssh esb.marrg.rgc -W %h:%p

Ssh standalone client works great if you place that in ~/.ssh/config because it default file location and will be used by inner ssh which run as proxy! But fails if you run it from another path like:

 ssh -F ssh.config app.marrg.rgc

because ssh from proxy will use default one!

Off course you may solve it by provide path there too:

 Host app.marrgmain.rgc app.marrg.rgc
    HostName 172.31.12.201
    ProxyCommand ssh -F /path/to/same/ssh.config esb.marrg.rgc -W %h:%p

But that solution is error prone and has several disadvantages:

  • You always must use same paths.
  • That hardcoded and need to be rewritten each time when files moved
  • For all users of our repo it must be adjusted...

Unfortunately I have no any scripting capabilities or config inheritance/including. Similar requests opens from 2009 year!

And I found some sort hack...

Solution

As ProxyCommand is just executed command we want inherit config-file setting (-F) to that. As ssh does not provide config inheritance, we just do it manually. Command provided at least for bash but should work in many other shells too (comments welcome for yours):

 Host app.marrgmain.rgc app.marrg.rgc
   HostName 172.31.12.201
   ProxyCommand ssh -q $( egrep -z -A1 '^-F$' /proc/$PPID/cmdline ) esb.marrg.rgc -W %h:%p

All magic happened there: $( egrep -z -A1 '^-F$' /proc/$PPID/cmdline ) what just mean use same config as main command.



Share your opinion