SSH is a powerful tool. When configured correctly it should not only provide excellent security, it should also make your work easier and more convenient.
- You're using Mac OS X
  - This is not a requirement. The `cmc` script should work on any *nix.
- You have already created an SSH key pair and added the secret key to your Mac keychain.
  - Test to see currently available keys: `ssh-add -L`
  - SSH key pair creation example:
    ```
    ssh-keygen -b 4096 -C USERNAME@COMPUTER_DESC
    ssh-add -K
    ```
- Your name is Arthur Dent
  - Your username on your Mac laptop is `arthurdent`
  - Your username on remote systems is `arthur`
- Only the `~/.ssh/config` on your laptop will ever need to be edited.
- Three hypothetical hosts (see below)
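```
# insecure
# ForwardAgent is not set here (default "no"), so your agent is never exposed to this host.
Host insecure insecure.example.com
    HostName insecure.example.com
# bastion
# ForwardAgent lets anyone with root on the remote host use your agent; enable it only for hosts you trust.
# ControlMaster auto: reuse an existing master connection, or become the master if none exists.
Host bastion bastion.example.com
    HostName bastion.example.com
    ForwardAgent yes
    ControlMaster auto
# production
# ProxyCommand tunnels through bastion; nc relays to the target host (%h) and port (%p).
Host prod production prod*.example.com
    HostName production.example.com
    ForwardAgent yes
    ProxyCommand ssh -q bastion nc -w30 %h %p
# global defaults
# Kept last: ssh uses the first value it obtains for each option.
# ControlPath tokens: %r = remote user, %h = remote host, %p = remote port.
Host *
    ControlPath ~/.ssh/master-%r@%h:%p
    ServerAliveCountMax 6
    ServerAliveInterval 10
    User arthur
```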
Please also see the annotated ssh configuration example with explanations.
- Establish control sessions at the start of your day/session/etc.
  - `cmc -o bastion` or `cmc -O`
  - This establishes a control master connection in the background. It will stay connected and available until it is closed or connectivity is lost.
- Connect "directly" to hosts behind the firewall using bastion as a proxy
  - `ssh prod`
  - Uses the connection already in place when it proxies through bastion!
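
To see what `ssh prod` resolves to under the configuration above, and which aliases forward your agent, here is an added example (not part of the `cmc` project) that applies ssh's first-value-wins rule to that configuration. It is a simplified resolver that ignores `Match`, `Include` and negated patterns; the function names `resolve` and `agent_forwarding_hosts` are hypothetical.

```python
from fnmatch import fnmatchcase

# Constructed input: the configuration shown on this page.
PAGE_CONFIG = """\
Host insecure insecure.example.com
    HostName insecure.example.com
Host bastion bastion.example.com
    HostName bastion.example.com
    ForwardAgent yes
    ControlMaster auto
Host prod production prod*.example.com
    HostName production.example.com
    ForwardAgent yes
    ProxyCommand ssh -q bastion nc -w30 %h %p
Host *
    ControlPath ~/.ssh/master-%r@%h:%p
    ServerAliveCountMax 6
    ServerAliveInterval 10
    User arthur
"""

def resolve(config_text, target):
    """Effective options for `target` (hypothetical helper, simplified rules)."""
    opts, active = {}, True  # lines before the first Host apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, value = line.split(None, 1)
        if key.lower() == "host":
            active = any(fnmatchcase(target, p) for p in value.split())
        elif active:
            opts.setdefault(key.lower(), value)  # first obtained value wins
    # OpenSSH defaults for options the file leaves unset
    for key, default in (("hostname", target), ("port", "22"), ("forwardagent", "no")):
        opts.setdefault(key, default)
    # Expand the %r, %h and %p tokens used by ControlPath and ProxyCommand
    for key in ("controlpath", "proxycommand"):
        if key in opts:
            opts[key] = (opts[key].replace("%r", opts.get("user", ""))
                         .replace("%h", opts["hostname"]).replace("%p", opts["port"]))
    return opts

def agent_forwarding_hosts(config_text, targets):
    """Aliases whose sessions expose the local ssh-agent to the remote side."""
    return [t for t in targets if resolve(config_text, t)["forwardagent"] == "yes"]

if __name__ == "__main__":
    print(resolve(PAGE_CONFIG, "prod"))
```

On a real system, `ssh -G prod` prints the options ssh itself resolves, which is the authoritative check for your own `~/.ssh/config`.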