Dynamically generate SSH Host entries in ~/.ssh/config

This can be done with the following SSH config file:

Host *
  ServerAliveInterval 120

Host gateway.somewhere.com
  User jdoe

Host gateway+*
  User jdoe
  ProxyCommand ssh -T -a $(echo %h |cut -d+ -f1).somewhere.com nc $(echo %h |cut -d+ -f2) %p 2>/dev/null
  ControlMaster auto
  ControlPath ~/.ssh/ssh-control_%r@%h:%p

You then access your internal hosts like so:

ssh gateway+internalhost01.somewhere.com
ssh gateway+internalhost02.somewhere.com

The name you choose for the right half should be resolvable by the jump host.

The User parameter is specified in case you need to manually map to different users on the different classes of hosts. ControlMaster and ControlPath are specified to allow SSH connection re-use.


You shouldn't need to manually specify HostName as it will come from the command line.

Simply try:

Host *.domain  
  IdentityFile ~/.ssh/id_rsa  
  ProxyCommand ssh mygateway /usr/bin/nc %h 22

Ignore specifying overriding the hostname directly via the Hostname declaration and instead determine it at runtime. Do this by evaluating it as part of the ProxyCommand, using %h to reference it in the command (also use %p instead of hardcoding port as 22) i.e.

Host mygateway-*
   #Hostname ???WHAT GOES HERE????
   IdentityFile ~/.ssh/id_rsa
   ProxyCommand ssh mygateway nc $(echo %h|sed 's/^mygateway-//') %p

One could even have a more generic stanza, whereby you can specify any host without a - to just be treated as is, or as per another matching stanza(s), but have a generic - approach to specify any <gateway>-<target>:

Host *-*
   # Assume LHS of "-" is GW and RHS of "-" is target host
   IdentityFile ~/.ssh/id_rsa
   ProxyCommand ssh $(echo %h|cut -d - -f1) nc $(echo %h|cut -d - -f2-) %p

Additionally, newer versions of the SSH client support the [-W host:port] option to directly perform the same function as nc (netcat). As such, we can use the modified:

Host *-*
   # Assume LHS of "-" is GW and RHS of "-" is target host
   IdentityFile ~/.ssh/id_rsa
   ProxyCommand ssh -W $(echo %h|cut -d - -f2-):%p $(echo %h|cut -d - -f1)

Of course, if you did have a finite list of hosts, you could always do:

Host host1 host2 host3 hostN
   IdentityFile ~/.ssh/id_rsa
   ProxyCommand ssh mygateway nc %h %p

Hope this helps!

Tags:

Ssh

Recent Posts