SSH Recipes
# Example ssh config file. Usually located in ~/.ssh/config (user) or /etc/ssh/ssh_config (system)
# This works on both linux and MacOS
# Basic ssh commands converted to ssh/config file format
# Minimal host alias
# Run with: "ssh blog" => (equivalent to: "ssh ubuntu@example.com")
# Nothing overrides the port or the key, so the defaults apply: port 22 and the
# default identity files (for example ~/.ssh/id_rsa).
Host blog
    HostName example.com
    User ubuntu
# Alias with a non-default port and a non-default key
# Run with: "ssh secure_blog" => (equivalent to: "ssh -p 12345 -i ~/.ssh/identity_file_that_is_not-id_rsa ubuntu@example.com")
# NOTE(review): a non-standard port is not an access control; the key is what protects the login.
# IdentityFile adds this key to the candidates; keys held by ssh-agent are still
# offered to the server unless "IdentitiesOnly yes" is also set.
Host secure_blog
    HostName example.com
    Port 12345
    User ubuntu
    IdentityFile ~/.ssh/identity_file_that_is_not-id_rsa
# Example ssh config file. Usually located in ~/.ssh/config (user) or /etc/ssh/ssh_config (system)
# This works on both linux and MacOS
# Using patterns in ssh/config file.
# This removes a lot of unnecessary repetition while writing this file.
# Wildcard patterns: "*" matches any run of characters, so one stanza covers every subdomain.
# %h in HostName expands to the host name given on the command line.
# Run with "ssh www.example.com"  => (equivalent to: "ssh ubuntu@www.example.com")
# Run with "ssh blog.example.com" => (equivalent to: "ssh ubuntu@blog.example.com")
Host *.example.com
    User ubuntu
    HostName %h
# "?" matches exactly one character, so short aliases can be expanded to full names.
# Run with "ssh box1" => (equivalent to: "ssh ubuntu@box1.example.com")
# Run with "ssh boxZ" => (equivalent to: "ssh ubuntu@boxZ.example.com")
Host box?
    User ubuntu
    HostName %h.example.com
# Multiple patterns: patterns on one Host line are separated by whitespace, and
# a host name that matches any one of them selects the stanza.
# Run with "ssh box3"      => (equivalent to: "ssh ubuntu@box3.example.com")
# Run with "ssh cluster01" => (equivalent to: "ssh ubuntu@cluster01.example.com")
# Run with "ssh cluster99" => (equivalent to: "ssh ubuntu@cluster99.example.com")
Host box? cluster??
    User ubuntu
    HostName %h.example.com
# Exclusion patterns: prefix a pattern with "!" to negate it. A host that matches
# a negated pattern is excluded from this stanza even if another pattern on the line matches.
# Run with "ssh box1" => (equivalent to: "ssh ubuntu@box1.example.com")
# Run with "ssh box0" will generate an error: "ssh: Could not resolve hostname box0: nodename nor servname provided, or not known"
# NOTE(review): the exclusion applies to this stanza only. If the same file also holds
# an earlier "Host box?" stanza, box0 still picks up its options from there.
Host box? !box0
    User ubuntu
    HostName %h.example.com
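# Cascaded patterns: every stanza whose pattern matches contributes options.
# ssh keeps the FIRST value it obtains for each option, so host-specific stanzas
# must come before the general defaults. A default placed first would win, and
# a later "User centos" would never take effect.
# (IdentityFile is the exception: every matching IdentityFile is added to the keys to try.)
# This assumes no earlier stanza in the same file already sets these options for the same hosts.

# Run with "ssh box1.example.com" => (equivalent to: "ssh centos@box1.example.com")
Host box?.example.com
    User centos

# Run with "ssh cluster99" => (equivalent to: "ssh -i ~/.ssh/cluster.id_rsa ubuntu@cluster99.example.com")
# The short alias needs its own HostName because "cluster99" is not matched by "*.example.com".
Host cluster??
    HostName %h.example.com
    IdentityFile ~/.ssh/cluster.id_rsa

# Defaults, placed last so they only fill in what the stanzas above left unset.
# No HostName here: names matching *.example.com are already fully qualified, and
# "HostName %h.example.com" would turn box1.example.com into box1.example.com.example.com.
Host *.example.com cluster??
    User ubuntu

# More on patterns under "Patterns" section here: https://linux.die.net/man/5/ssh_config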
# Example ssh config file. Usually located in ~/.ssh/config (user) or /etc/ssh/ssh_config (system)
# This works on both linux and MacOS
# Jumpboxes/Proxies/Firewalls can sit between you and the server (e.g. localbox -> proxy -> example.com)
# Login through a proxy: define the connection to the proxy first.
# The stanzas that follow refer to it by the alias "jumpbox".
Host jumpbox
    User ubuntu
    HostName myproxy.example.com
# Login to a private machine (behind a jumpbox)
# Run with "ssh jb.private01" => (reaches the same host as: "ssh jumpbox -tt ssh centos@private01")
# => i.e. the same host as: ssh ubuntu@myproxy.example.com -tt ssh centos@private01
# Difference from the nested form: with -W the jumpbox only relays bytes to %h:%p.
# The SSH session to private01 is end-to-end from your machine, so the login as
# "centos" uses keys held locally and no key has to be stored on the jumpbox.
# HostName is the -W target, so "private01" is resolved by the jumpbox, not by your local machine.
# On OpenSSH 7.3 and later, "ProxyJump jumpbox" is a shorter way to write the same thing.
Host jb.private01
    User centos
    HostName private01
    ProxyCommand ssh jumpbox -W %h:%p
# Login to multiple private machines (behind a jumpbox), with a common prefix
# Run with "ssh jb.private99" => (reaches the same host as: "ssh jumpbox -tt ssh centos@private99")
# $(echo %h | cut -d. -f2- ) takes the host name "jb.private99", splits it on ".",
# and keeps every field from the second one onwards ("private99").
# ProxyCommand is run through your shell and %h is pasted into that command line
# unquoted, so this stanza relies on the host name containing no shell metacharacters.
# NOTE(review): use it only with host names you type or otherwise control. Recent OpenSSH
# releases are understood to reject most shell metacharacters in host names; confirm for your version.
Host jb.*
    User centos
    ProxyCommand ssh jumpbox -W $(echo %h | cut -d. -f2- ):%p
# Login to a private machine with a non-default key
# You need "nc" to be installed on the jumpbox machine to be able to do this
# Run with "ssh confidential" => logs in as centos on the host the jumpbox knows as "confidential"
# What the ProxyCommand does: it connects to the jumpbox with agent forwarding on,
# runs "ssh-add path/to/keyfile" there (the key file is read on the jumpbox and loaded
# into your agent through the forwarded socket), then relays the connection with nc.
# NOTE(review): security trade-offs of this recipe:
#  - the private key has to be stored on the jumpbox, a shared machine;
#  - while the connection is open, anyone with root (or your account) on the jumpbox
#    can use the forwarded agent to authenticate with your loaded keys;
#  - the added key stays in your agent after the session unless you remove it.
# Keeping the key on your own machine (IdentityFile here, plus "-W" or ProxyJump as the
# transport) avoids all three and needs neither nc nor agent forwarding.
Host confidential
    User centos
    HostName confidential
    ProxyCommand ssh -o 'ForwardAgent yes' jumpbox 'ssh-add path/to/keyfile && nc %h %p'
# Port-forwarding (using tunnels)
# Tunnel with "ssh -fN jumpbox_tunnels" (then you can access private01:9200 as localhost:9401)
# -f sends ssh to the background and -N runs no remote command, so only the forwards stay up.
# NOTE(review): unless GatewayPorts is enabled the listeners bind to the loopback
# address, but every user and process on your machine can still connect to them and
# reach the private services with whatever authentication those services enforce.
Host jumpbox_tunnels
    User ubuntu
    HostName myproxy.example.com
    LocalForward 9401 private01:9200
    LocalForward 9402 private02:9200
    LocalForward 9403 private03:9200

@pfnotifymedals pfnotifymedals commented Oct 4, 2020

Awesome, thanks!
