
Notes SSH proxy jump ProxyCommand

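L’intérêt est de ne pas déposer sa clef SSH privée sur un autre serveur. Avec -A (transfert d’agent), la clef reste sur le poste local, mais toute personne ayant les droits root sur le bastion peut utiliser l’agent transféré tant que la session est ouverte ; la variante ProxyCommand plus bas n’a pas besoin de ce transfert.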

ssh -t -A serveurBastionRebond ssh serveurPlop118

Ou plus simple :

~/.ssh/config

# -W %h:%p asks the bastion to relay stdin/stdout to the target's host:port.
# Authentication to serveurPlop118 is then performed from the local machine,
# so neither the private key nor a forwarded agent has to exist on the bastion.
# Equivalent shorthand on OpenSSH 7.3 and later: ProxyJump bastion
Host serveurPlop118
        ProxyCommand ssh -W %h:%p bastion
        
### If needed: map the "bastion" alias used by ProxyCommand to its address

Host bastion
        Hostname 192.168.2.34

Avec sshpass

~/.ssh/config

# Matches l12* and 192.168.* targets. The negated patterns exclude the jump
# host itself (pom01 / l12srvpom01 / 192.168.50.160), so the connection to the
# jump host is not routed through its own ProxyCommand.
Host l12* 192.168.* !pom01 !l12srvpom01 !192.168.50.160
        User admin
        # sshpass -e takes the password from the SSHPASS environment variable and
        # supplies it to the ssh it wraps, i.e. the hop to pom01.
        # NOTE(review): a password kept in the environment can be read by other
        # processes of the same user and by root; key-based authentication to
        # pom01 would remove the need for sshpass.
        ProxyCommand sshpass -e ssh -W %h:%p pom01

# Jump host definition: both aliases resolve to the same address.
Host l12srvpom01 pom01
        Hostname 192.168.50.160
        User admin
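# Read the password from the terminal without echoing it (-s).
# IFS= and -r keep leading/trailing whitespace and backslashes intact; a plain
# `read -s` would strip the former and interpret the latter, silently changing
# passwords that contain them.
IFS= read -rs SSHPASS
# sshpass -e reads the password from this exported variable. Every child
# process of this shell inherits it, so run `unset SSHPASS` once the ssh
# sessions that need it are finished.
export SSHPASS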

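Problème : le rebond avec transfert d’agent échoue alors qu’une connexion partagée (ControlMaster) est utilisée. À noter : l’option StrictHostKeyChecking=no de cet essai désactive la vérification de la clef d’hôte de la cible, donc la protection contre l’usurpation du serveur.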

$ ssh -t -A bastion ssh -o StrictHostKeychecking=no 192.168.1.22
Permission denied (publickey).
Shared connection to 171.33.90.69 closed

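Solution : arrêter la connexion maître pour qu’une nouvelle soit ouverte avec -A (d’après ssh_config(5), l’agent transféré sur une connexion multiplexée est celui de la connexion maître).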

ssh -O stop bastion

ou

ssh -o ControlMaster=no 192.168.1.22

Exemple

~/.ssh/config

# Jump host referenced by the ProxyCommand lines of the hosts that follow.
Host rebond
        Hostname 192.168.89.155
        User jean

# Legacy host reached through rebond, logging in directly as root.
# The "+" prefix appends the listed algorithms to the client defaults instead
# of replacing them, and the Host block limits the weakening to this one target.
Host old-rhel5
        Hostname 192.168.50.20
        User root
        ProxyCommand ssh -W %h:%p rebond
        # diffie-hellman-group1-sha1 uses a 1024-bit group with SHA-1; both
        # exchanges listed here are SHA-1 based and are not offered by default
        # by current OpenSSH clients.
        KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
        # ssh-rsa means RSA signatures with SHA-1, disabled by default since
        # OpenSSH 8.8.
        HostKeyAlgorithms +ssh-rsa
        # PubkeyAcceptedKeyTypes is the older name of PubkeyAcceptedAlgorithms
        # (renamed in OpenSSH 8.5; the old name is still accepted as an alias).
        PubkeyAcceptedKeyTypes +ssh-rsa
        # Presumably gives the old system a terminal type it knows - confirm.
        SetEnv TERM=linux
        
# Legacy host; no ProxyCommand or User is set in this block, so it is reached
# directly with the default user name.
# The "+" prefix appends to the client defaults; the Host block keeps these
# weaker algorithms limited to this one target.
Host old-rhel3
        Hostname 192.168.50.30
        # SHA-1 based key exchanges (group1 is a 1024-bit group), not offered
        # by default by current OpenSSH clients.
        KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
        # ssh-rsa means RSA signatures with SHA-1, disabled by default since
        # OpenSSH 8.8.
        HostKeyAlgorithms +ssh-rsa
        # Older name of PubkeyAcceptedAlgorithms (renamed in OpenSSH 8.5).
        PubkeyAcceptedKeyTypes +ssh-rsa
        # CBC-mode cipher, not part of the default cipher list of current
        # OpenSSH clients.
        Ciphers +aes256-cbc
        # Presumably gives the old system a terminal type it knows - confirm.
        SetEnv TERM=linux

# Host reached through rebond as root, with two port forwards set up on login.
Host centreon
        Hostname 192.168.50.21
        User root
        ProxyCommand ssh -W %h:%p rebond
        # Port 3128 on centreon is forwarded back to 192.168.89.221:3128 as seen
        # from the local machine (looks like an HTTP proxy port - confirm).
        # NOTE(review): this gives users of centreon a path to that internal
        # service for as long as the session stays open.
        RemoteForward 3128 192.168.89.221:3128
        # Local port 8081 is forwarded to port 80 on centreon itself
        # ("localhost" is resolved on the remote side).
        LocalForward 8081 localhost:80
        # SendEnv LANG LC_*

FIXME