Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
SSH Recipes
# Example ssh config file. Usually located in ~/.ssh/config (user) or /etc/ssh/ssh_config (system)
# This works on both linux and MacOS
# Basic ssh commands converted to ssh/config file format
# Simplest format
# Run with: "ssh blog" => (equivalent to: "ssh ubuntu@example.com" and "ssh -i ~/.ssh/id_rsa -p 22 ubuntu@example.com")
Host blog
User ubuntu
HostName example.com
# Setting more options
# Run with: "ssh secure_blog" => (equivalent to: "ssh -p 12345 -i ~/.ssh/identity_file_that_is_not-id_rsa ubuntu@example.com")
Host secure_blog
User ubuntu
HostName example.com
Port 12345
IdentityFile ~/.ssh/identity_file_that_is_not-id_rsa
# Example ssh config file. Usually located in ~/.ssh/config (user) or /etc/ssh/ssh_config (system)
# This works on both linux and MacOS
# Using patterns in ssh/config file.
# This removes a lot of unnecessary repetition while writing this file.
# Subdomain patterns using wildcards
# Run with "ssh www.example.com" => (equivalent to: "ssh ubuntu@www.example.com")
# Run with "ssh blog.example.com" => (equivalent to: "ssh ubuntu@blog.example.com")
Host *.example.com
HostName %h
User ubuntu
# Subdomain patterns with "?" (matches one character)
# Run with "ssh box1" => (equivalent to: "ssh ubuntu@box1.example.com")
# Run with "ssh boxZ" => (equivalent to: "ssh ubuntu@boxZ.example.com")
Host box?
HostName %h.example.com
User ubuntu
# Multiple patterns
# Run with "ssh box3" => (equivalent to: "ssh ubuntu@box3.example.com")
# Run with "ssh cluster01" => (equivalent to: "ssh ubuntu@cluster01.example.com")
# Run with "ssh cluster99" => (equivalent to: "ssh ubuntu@cluster99.example.com")
Host box? cluster??
HostName %h.example.com
User ubuntu
# Exclusion Patterns
# Prepend any pattern with "!" and it will be negated
# Run with "ssh box1" => (equivalent to: "ssh ubuntu@box1.example.com")
# Run with "ssh box0" will generate an error: "ssh: Could not resolve hostname box0: nodename nor servname provided, or not known"
Host box? !box0
HostName %h.example.com
User ubuntu
# Cascaded patterns: Patterns can be cascaded as follows
# Below options are "defaults" for all subdomains of example.com
Host *.example.com
HostName %h.example.com
User ubuntu
Host box?.example.com
# Run with "ssh box1.example.com" => (equivalent to: "ssh centos@box1.example.com")
User centos
Host cluster??
# Run with "ssh cluster99" => (equivalent to: "ssh -i ~/.ssh/cluster.id_rsa ubuntu@cluster99.example.com")
IdentityFile ~/.ssh/cluster.id_rsa
# More on patterns under "Patterns" section here: https://linux.die.net/man/5/ssh_config
# Example ssh config file. Usually located in ~/.ssh/config (user) or /etc/ssh/ssh_config (system)
# This works on both linux and MacOS
# Jumpboxes/Proxies/Firewalls can be in between servers. (e.g. localbox -> proxy -> example.com)
# Login through proxy
# First define the proxy connection
Host jumpbox
HostName myproxy.example.com
User ubuntu
# Login to a private machine (behind a jumpbox)
# Run with "ssh jb.private01" => (equivalent to: "ssh jumpbox -tt ssh centos@private01")
# => Also equivilant to ssh ubuntu@myproxy.example.com -tt ssh centos@private01
# Note that User/HostName are used by jumpbox's connection, not your local machine
Host jb.private01
HostName private01
User centos
ProxyCommand ssh jumpbox -W %h:%p
# Login to multiple private machines (behind a jumpbox), with a common prefix
# Run with "ssh jb.private99" => (equivalent to: "ssh jumpbox -tt ssh centos@private99")
# $(echo %h | cut -d. -f1- ) takes the hostname "jb.private99", splits it by "." delimiter, then captures all the fields starting second
Host jb.*
User centos
ProxyCommand ssh jumpbox -W $(echo %h | cut -d. -f2- ):%p
# Login to a private machine with a non-default key
# You need "nc" to be installed on the jumpbox machine to be able to do this
# Run with "ssh confidential" => (equivalent to: "ssh jumpbox -tt ssh -i ~/non_default_key centos@private01")
Host confidential
HostName confidential
User centos
ProxyCommand ssh -o 'ForwardAgent yes' jumpbox 'ssh-add path/to/keyfile && nc %h %p'
# Port-forwarding (using tunnels)
# Tunnel with "ssh -fN jumpbox_tunnels" (then you can access private:9200 as localhost:9401)
Host jumpbox_tunnels
HostName myproxy.example.com
User ubuntu
LocalForward 9401 private01:9200
LocalForward 9402 private02:9200
LocalForward 9403 private03:9200
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.