{{tag>SSH Proxy Réseau ssh_config}} # Notes SSH proxy jump ProxyCommand L’intérêt étant de ne pas déposer ailleurs sa clef SSH privée ~~~bash ssh -t -A serveurBastionRebond ssh serveurPlop118 ~~~ Ou plus simple : ''~/.ssh/config'' ~~~ Host serveurPlop118 ProxyCommand ssh -W %h:%p bastion ### Si besion Host bastion Hostname 192.168.2.34 ~~~ ## Avec sshpass ''~/.ssh/config'' ~~~ Host l12* 192.168.* !pom01 !l12srvpom01 !192.168.50.160 User admin ProxyCommand sshpass -e ssh -W %h:%p pom01 Host l12srvpom01 pom01 Hostname 192.168.50.160 User admin ~~~ ~~~bash read -s SSHPASS export SSHPASS ~~~ ## Pb ~~~ $ ssh -t -A bastion ssh -o StrictHostKeychecking=no 192.168.1.22 Permission denied (publickey). Shared connection to 171.33.90.69 closed ~~~ Solution ~~~bash ssh -O stop bastion ~~~ ou ~~~bash ssh -o ControlMaster=no 192.168.1.22 ~~~ ## Exemple ''~/.ssh/config'' ~~~ Host rebond Hostname 192.168.89.155 User jean Host old-rhel5 Hostname 192.168.50.20 User root ProxyCommand ssh -W %h:%p rebond KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group14-sha1 HostKeyAlgorithms +ssh-rsa PubkeyAcceptedKeyTypes +ssh-rsa SetEnv TERM=linux Host old-rhel3 Hostname 192.168.50.30 KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group14-sha1 HostKeyAlgorithms +ssh-rsa PubkeyAcceptedKeyTypes +ssh-rsa Ciphers +aes256-cbc SetEnv TERM=linux Host centreon Hostname 192.168.50.21 User root ProxyCommand ssh -W %h:%p rebond RemoteForward 3128 192.168.89.221:3128 LocalForward 8081 localhost:80 # SendEnv LANG LC_* ~~~ FIXME