Last active
February 28, 2023 20:46
Bastion Playbook
```
[ssh_connection]
ssh_args = -F ssh.cfg
control_path = ~/.ssh/mux-%r@%h:%p
```
```
[bastion]
54.171.0.0

[app_servers]
172.16.1.1
172.16.2.1
```
```
Host 172.16.*
  ProxyCommand ssh -W %h:%p [email protected]

Host *
  ControlMaster auto
  ControlPath ~/.ssh/mux-%r@%h:%p
  ControlPersist 15m
```
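How ssh resolves the ssh.cfg above for each inventory host, and which control socket path the `mux-%r@%h:%p` template yields, as an added example that is not part of the gist. The remote user `deploy` and the `BASTION_USER@BASTION_HOST` placeholder are assumptions, and the parser handles only the simple `Key value` form shown here.

```python
import fnmatch

# Constructed copy of the ssh.cfg above; the bastion login is a placeholder.
SSH_CFG = """\
Host 172.16.*
  ProxyCommand ssh -W %h:%p BASTION_USER@BASTION_HOST
Host *
  ControlMaster auto
  ControlPath ~/.ssh/mux-%r@%h:%p
  ControlPersist 15m
"""
INVENTORY = {"bastion": ["54.171.0.0"], "app_servers": ["172.16.1.1", "172.16.2.1"]}

def parse_ssh_cfg(text):
    """Return [(host_patterns, {option: value})] in file order."""
    blocks = []
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key.lower() == "host":
            blocks.append((value.split(), {}))
        elif key and not key.startswith("#") and blocks:
            blocks[-1][1].setdefault(key.lower(), value.strip())
    return blocks

def effective(blocks, host):
    """Merge Host blocks matching `host`; first value wins, as in ssh (no "!" negation)."""
    opts = {}
    for patterns, block in blocks:
        if any(fnmatch.fnmatchcase(host, p) for p in patterns):
            opts = {**block, **opts}  # values already obtained take precedence
    return opts

def expand(template, user, host, port=22):
    """Expand the %r (remote user), %h (host) and %p (port) tokens."""
    for token, value in (("%r", user), ("%h", host), ("%p", str(port))):
        template = template.replace(token, value)
    return template

def plan(user="deploy"):  # "deploy" is an assumed remote user name
    """Map each inventory host to (route, control socket path with ~ left unexpanded)."""
    blocks = parse_ssh_cfg(SSH_CFG)
    result = {}
    for host in (h for group in INVENTORY.values() for h in group):
        opts = effective(blocks, host)
        route = "via bastion" if "proxycommand" in opts else "direct"
        result[host] = (route, expand(opts["controlpath"], user, host))
    return result

if __name__ == "__main__":
    for host, (route, sock) in plan().items():
        print(f"{host:<12} {route:<12} {sock}")
```

Each resulting path is the Unix socket of an authenticated master connection that ControlPersist keeps open for 15 minutes, so the directory holding it should be accessible only to the owning user.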
Thanks @krigar!!
(p.s. yeah, I think @ja8zyjits is right so that the file would match your article ;) )
What if I have to use key based login from controller to bastion and bastion to app_servers? @krigar
Where do we specify the pem key when we need to use key based ssh logins?
```
Host 172.16.*
  ProxyCommand ssh -A -W %h:%p [email protected]

Host *
  ControlMaster auto
  ControlPath ~/.ssh/mux-%r@%h:%p
  ControlPersist 15m
  IdentityFile ~/.ssh/id_rsa
```
Notice the added "IdentityFile" above and the "-A" in the first block that will forward your key to the jumpbox. This setup works for me.
What are the contents of: ~/.ssh/mux-%r@%h:%p?
A doubt, shouldn't the second code be titled `inventory`?