Instantly share code, notes, and snippets.
CreatedMarch 18, 2017 13:58
Save mjalajel/beaa91a5f8d04ebb464c2c28da01406a to your computer and use it in GitHub Desktop.
SSH Recipes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
| # Example ssh config file. Usually located in ~/.ssh/config (user) or /etc/ssh/ssh_config (system) | |
| # This works on both linux and MacOS | |
| # Basic ssh commands converted to ssh/config file format | |
| # Simplest format | |
| # Run with: "ssh blog" => (equivalent to: "ssh ubuntu@example.com" and "ssh -i ~/.ssh/id_rsa -p 22 ubuntu@example.com") | |
| Host blog | |
| User ubuntu | |
| HostName example.com | |
| # Setting more options | |
| # Run with: "ssh secure_blog" => (equivalent to: "ssh -p 12345 -i ~/.ssh/identity_file_that_is_not-id_rsa ubuntu@example.com") | |
| Host secure_blog | |
| User ubuntu | |
| HostName example.com | |
| Port 12345 | |
| IdentityFile ~/.ssh/identity_file_that_is_not-id_rsa |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
| # Example ssh config file. Usually located in ~/.ssh/config (user) or /etc/ssh/ssh_config (system) | |
| # This works on both linux and MacOS | |
| # Using patterns in ssh/config file. | |
| # This removes a lot of unnecessary repetition while writing this file. | |
| # Subdomain patterns using wildcards | |
| # Run with "ssh www.example.com" => (equivalent to: "ssh ubuntu@www.example.com") | |
| # Run with "ssh blog.example.com" => (equivalent to: "ssh ubuntu@blog.example.com") | |
| Host *.example.com | |
| HostName %h | |
| User ubuntu | |
| # Subdomain patterns with "?" (matches one character) | |
| # Run with "ssh box1" => (equivalent to: "ssh ubuntu@box1.example.com") | |
| # Run with "ssh boxZ" => (equivalent to: "ssh ubuntu@boxZ.example.com") | |
| Host box? | |
| HostName %h.example.com | |
| User ubuntu | |
| # Multiple patterns | |
| # Run with "ssh box3" => (equivalent to: "ssh ubuntu@box3.example.com") | |
| # Run with "ssh cluster01" => (equivalent to: "ssh ubuntu@cluster01.example.com") | |
| # Run with "ssh cluster99" => (equivalent to: "ssh ubuntu@cluster99.example.com") | |
| Host box? cluster?? | |
| HostName %h.example.com | |
| User ubuntu | |
| # Exclusion Patterns | |
| # Prepend any pattern with "!" and it will be negated | |
| # Run with "ssh box1" => (equivalent to: "ssh ubuntu@box1.example.com") | |
| # Run with "ssh box0" will generate an error: "ssh: Could not resolve hostname box0: nodename nor servname provided, or not known" | |
| Host box? !box0 | |
| HostName %h.example.com | |
| User ubuntu | |
| # Cascaded patterns: Patterns can be cascaded as follows | |
| # Below options are "defaults" for all subdomains of example.com | |
| Host *.example.com | |
| HostName %h.example.com | |
| User ubuntu | |
| Host box?.example.com | |
| # Run with "ssh box1.example.com" => (equivalent to: "ssh centos@box1.example.com") | |
| User centos | |
| Host cluster?? | |
| # Run with "ssh cluster99" => (equivalent to: "ssh -i ~/.ssh/cluster.id_rsa ubuntu@cluster99.example.com") | |
| IdentityFile ~/.ssh/cluster.id_rsa | |
| # More on patterns under "Patterns" section here: https://linux.die.net/man/5/ssh_config |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
| # Example ssh config file. Usually located in ~/.ssh/config (user) or /etc/ssh/ssh_config (system) | |
| # This works on both linux and MacOS | |
| # Jumpboxes/Proxies/Firewalls can be in between servers. (e.g. localbox -> proxy -> example.com) | |
| # Login through proxy | |
| # First define the proxy connection | |
| Host jumpbox | |
| HostName myproxy.example.com | |
| User ubuntu | |
| # Login to a private machine (behind a jumpbox) | |
| # Run with "ssh jb.private01" => (equivalent to: "ssh jumpbox -tt ssh centos@private01") | |
| # => Also equivilant to ssh ubuntu@myproxy.example.com -tt ssh centos@private01 | |
| # Note that User/HostName are used by jumpbox's connection, not your local machine | |
| Host jb.private01 | |
| HostName private01 | |
| User centos | |
| ProxyCommand ssh jumpbox -W %h:%p | |
| # Login to multiple private machines (behind a jumpbox), with a common prefix | |
| # Run with "ssh jb.private99" => (equivalent to: "ssh jumpbox -tt ssh centos@private99") | |
| # $(echo %h | cut -d. -f1- ) takes the hostname "jb.private99", splits it by "." delimiter, then captures all the fields starting second | |
| Host jb.* | |
| User centos | |
| ProxyCommand ssh jumpbox -W $(echo %h | cut -d. -f2- ):%p | |
| # Login to a private machine with a non-default key | |
| # You need "nc" to be installed on the jumpbox machine to be able to do this | |
| # Run with "ssh confidential" => (equivalent to: "ssh jumpbox -tt ssh -i ~/non_default_key centos@private01") | |
| Host confidential | |
| HostName confidential | |
| User centos | |
| ProxyCommand ssh -o 'ForwardAgent yes' jumpbox 'ssh-add path/to/keyfile && nc %h %p' | |
| # Port-forwarding (using tunnels) | |
| # Tunnel with "ssh -fN jumpbox_tunnels" (then you can access private:9200 as localhost:9401) | |
| Host jumpbox_tunnels | |
| HostName myproxy.example.com | |
| User ubuntu | |
| LocalForward 9401 private01:9200 | |
| LocalForward 9402 private02:9200 | |
| LocalForward 9403 private03:9200 | |
pfnotifymedals commentedOct 4, 2020
Awesome, thanks!
masiiie commentedFeb 7, 2022
Thanks!
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment