Last active
February 1, 2022 09:03
~/.ssh/config behind firewall (ssh via HTTP proxy) and faster session creation by reusing already established connection
# User ssh configuration file ~/.ssh/config
# Gist https://gist.github.com/terrywang/3997931
# man ssh_config for more information
# Inspired by the blog post below to fight the NSA
# https://stribika.github.io/2015/01/04/secure-secure-shell.html

# Outside of the firewall, with HTTPS proxy
# Package connect-proxy is required.
# Amazon EC2
Host *.compute.amazonaws.com
    ProxyCommand connect -H proxy.company.com:80 %h %p
    ServerAliveInterval 30

# cloud.terry.im
Host cloud.terry.im
    ProxyCommand connect -H proxy.company.com:80 %h %p
    ServerAliveInterval 30

# Digital Ocean
Host 192.241.*.*
    ProxyCommand connect -H proxy.company.com:80 %h %p
    ServerAliveInterval 30

# Inside the firewall (do not use proxy)
Host *
    ProxyCommand connect %h %p

Host *
    # key exchange algorithms
    KexAlgorithms [email protected],diffie-hellman-group-exchange-sha256
    # client authentication
    # PasswordAuthentication no
    ChallengeResponseAuthentication no
    PubkeyAuthentication yes
    # host key algorithms the client wants to use in order of preference
    HostKeyAlgorithms [email protected],[email protected],ssh-ed25519,ssh-rsa
    # symmetric ciphers in order of preference
    Ciphers [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
    # Message Authentication Code algorithms in order of preference for data integrity protection
    MACs [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,[email protected]
    ServerAliveInterval 30
    # Speed up SSH session creation
    # by sharing multiple sessions over a single network connection
    # reuse already established TCP connection
    # ControlMaster auto
    # ControlPath ~/.ssh/sockets/%r@%h-%p
    # ControlPersist 600
    # Disable roaming explicitly anyway for good
    # UseRoaming no # Disable as it is by default off
    VisualHostKey yes
    # Ensure KnownHosts are unreadable if leaked
    # otherwise it is easier to know which hosts your keys have access to
    # HashKnownHosts yes
    # macOS Sierra - add passphrases to keychain
    UseKeychain yes
    # Load keys into ssh-agent
    AddKeysToAgent yes
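
Every ProxyCommand line in this config runs an external `connect` program, which the file says comes from the connect-proxy package; if that program is not on PATH, the session cannot be established. The following check is an added example, not part of the gist: it lists the programs an ssh_config file names in ProxyCommand and reports the ones that are not installed. The function names and the sample host `internal.example` are assumptions made for the illustration.

```shell
#!/bin/sh
# proxy_helpers (added example, not from the gist): read ssh_config text on stdin
# and print each distinct program named by a ProxyCommand line.
proxy_helpers() {
    awk '
        /^[ \t]*#/ { next }               # skip comment lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)      # options are usually indented under Host
            n = split(line, f, /[ \t=]+/) # keyword and value: blanks or one "="
            # keywords are case-insensitive; "ProxyCommand none" disables the proxy
            if (n >= 2 && tolower(f[1]) == "proxycommand" && f[2] != "none")
                print f[2]
        }
    ' | sort -u
}

# missing_helpers: same input; print the helpers that are not on PATH.
# Returns 1 if at least one is missing, 0 otherwise.
missing_helpers() {
    rc=0
    for helper in $(proxy_helpers); do
        if ! command -v "$helper" >/dev/null 2>&1; then
            echo "$helper"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample in the style of the config above (internal.example is made up).
sample_config() {
    cat <<'EOF'
Host *.compute.amazonaws.com
    ProxyCommand connect -H proxy.company.com:80 %h %p
# ProxyCommand commented-out-helper %h %p
Host internal.example
    ProxyCommand none
Host *
    proxycommand=connect %h %p
EOF
}

if missing=$(sample_config | missing_helpers); then
    echo "all ProxyCommand helpers found"
else
    echo "not on PATH: $missing"
fi
```

To check a real file, load the functions and run `missing_helpers < ~/.ssh/config`.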
Very useful for developers from China.
# Amazon EC2
Host *.compute.amazonaws.com
ProxyCommand connect -H proxy.company.com:80 %h %p
ServerAliveInterval 30
I tried to use the above command in the config file and replaced my company proxy, but it didn't work.
ssh -i "keyfile.pem" [email protected]
Error produced:
zsh:1: command not found: connect
kex_exchange_identification: Connection closed by remote host
Replace the fake proxy here => proxy.company.com with the FQDN of your own proxy. For example, my proxy is => proxy.terry.im, use sed -i 's/proxy.company.com/proxy.terry.im/g' ~/.ssh/config