Join Log in
Score:0
Cruise5 avatar Server

How to use globbing in ssh config to connect via SSH tunnel?

cn flag
Cruise5

Here is the architecture from local host to ServerC1..n

I have configured ~/.ssh/config file on localhost:

### First jump host. Directly reachable
Host ServerA
    Hostname 10.0.5.101
    User jenny
    IdentityFile /home/admin/.ssh/serverA

### Second jumphost. Only reachable via 10.0.5.101
Host ServerB1
  HostName ServerB1
  User james
  ProxyJump ServerA
  IdentityFile /home/admin/.ssh/james

### Host only reachable via serverA and ServerB1
Host ServerC1
  HostName ServerC1
  User root
  ProxyJump ServerB1
  IdentityFile /home/admin/.ssh/ServerC1

I can directly connect to ServerC1 using ssh ServerC1 command from localhost using the config above.

The issue is that there are many ServerB's and each ServerB is connected to several ServerC's. The private keys are the same for all the Servers so that's not the issue.

From localhost, I want to connect via SSH tunnel to any of ServerC1,2,3..n

ServerA /etc/hosts has all the hostname and IPs for ServerB's and each ServerB has IPs of ServerC's in it's /etc/hosts file.

Can I use pattern matching in my localhost's ~/.ssh/config file to accomplish this? Currently I am limited to connecting ServerC1 only because I specifically specified ServerB1 and ServerC1

136
1 + 8
ssh
poige avatar
ke flag
poige
Did you even google? Internet has tons of examples, ArchLinux' wiki is a single one to mention.
0
Reply
Cruise5 avatar
cn flag
Cruise5
This ssh config file was created using an example from google. The pattern matching is not working with multiple jump hosts. Hence, I drew a diagram to illustrate and explain the question.
0
Reply
Cruise5 avatar
cn flag
Cruise5
@poige I didn't find a single example of pattern matching related to ProxyJump in ArchLinux' wiki. I am not sure where in the wiki you are referring to.
0
Reply
poige avatar
ke flag
poige
not necessarily ArchLinux, dude, google around: https://wiki.gentoo.org/wiki/SSH_jump_host#Dynamic_jump_host_list
0
Reply
Cruise5 avatar
cn flag
Cruise5
There is nothing about pattern matching for my use case there.
0
Reply
poige avatar
ke flag
poige
Last time I checked these two weren't the only sites in internet in regards. ;-P
0
Reply
Cruise5 avatar
cn flag
Cruise5
You keep providing links and those don't have any solution to this problem. So I am not sure you are linking it. So Regards!
0
Reply
poige avatar
ke flag
poige
It's trivial so I'm leaving it as an exercise to the reader. Mutual regards, indeed. ;)
0
Reply
Score:0
rocky_alpine avatar Server
my flag
rocky_alpine

After some help from reddit, the best answer to this problem is configuring the ~/.ssh/config file as follows: Assuming all of the ServerB* has same IdentityFile.

Host ServerA
    Hostname 10.0.5.101
    User jenny
    IdentityFile /home/admin/.ssh/serverA

Match originalhost ServerB*
    User james
    ProxyJump ServerA
    IdentityFile /home/admin/.ssh/james

And then at command-line:

ssh -J serverB1 -i /home/admin/.ssh/ServerC1 root@ServerC1

+ 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.