
Workflow

SSH is a powerful tool. When configured correctly it should not only provide excellent security, it should also make your work easier and more convenient.

Assumptions

  1. You're using Mac OS X
    • This is not a requirement. The cmc script should work on any *nix.
  2. You have already created an SSH key pair and added the secret key to your Mac keychain.
    • Test to see currently available keys:
      1. ssh-add -L
    • SSH key pair creation example:
      1. ssh-keygen -b 4096 -C USERNAME@COMPUTER_DESC
      2. ssh-add -K
  3. Your name is Arthur Dent
    • Your username on your Mac laptop is arthurdent
    • Your username on remote systems is arthur
  4. Only the ~/.ssh/config on your laptop will ever need to be edited.
  5. Three hypothetical hosts (see below)

Example ~/.ssh/config Configuration

# insecure
Host insecure insecure.example.com
    HostName insecure.example.com

# bastion
Host bastion bastion.example.com
    HostName bastion.example.com
    ForwardAgent yes
    ControlMaster auto

# production
Host prod production prod*.example.com
    HostName production.example.com
    ForwardAgent yes
    ProxyCommand ssh -q bastion nc -w30 %h %p

# global defaults
Host *
    ControlPath ~/.ssh/master-%r@%h:%p
    ServerAliveCountMax 6
    ServerAliveInterval 10
    User arthur

Please also see the annotated ssh configuration example with explanations.
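
An added example (not part of the original repository): a small shell check that lists which Host blocks in a config like the one above set ForwardAgent yes, since a forwarded agent can be used by anyone on the remote host who is able to access the agent socket. The function names are hypothetical and the embedded config is a constructed, abridged copy of the example above.

```shell
# Constructed sample: an abridged copy of the ~/.ssh/config shown above.
write_sample_config() {
    cat > "$1" <<'EOF'
# insecure
Host insecure insecure.example.com
    HostName insecure.example.com
# bastion
Host bastion bastion.example.com
    HostName bastion.example.com
    ForwardAgent yes
    ControlMaster auto
# production
Host prod production prod*.example.com
    HostName production.example.com
    ForwardAgent yes
    ProxyCommand ssh -q bastion nc -w30 %h %p
# global defaults
Host *
    ControlPath ~/.ssh/master-%r@%h:%p
    User arthur
EOF
}

# list_setting FILE KEYWORD (hypothetical helper): print "<Host patterns><TAB><value>"
# for each Host block that sets KEYWORD. Match blocks and Include are not handled.
list_setting() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); block = "(before first Host)" }
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }     # trim the line
        /^#/ || /^$/ { next }                          # skip comments and blanks
        {
            # ssh_config allows "key value" and "key=value"; keywords ignore case
            sub(/[ \t]*=[ \t]*|[ \t]+/, " ")           # first separator becomes one space
            sp = index($0, " ")
            key = tolower(sp ? substr($0, 1, sp - 1) : $0)
            val = sp ? substr($0, sp + 1) : ""
            if (key == "host") { block = val; next }
            if (key == want) printf "%s\t%s\n", block, val
        }
    ' "$1"
}

# Host blocks that hand the local agent to the remote side.
forwarding_blocks() {
    list_setting "$1" ForwardAgent | awk -F '\t' 'tolower($2) == "yes" { print $1 }'
}

cfg=$(mktemp) && write_sample_config "$cfg"
forwarding_blocks "$cfg"; rm -f "$cfg"
```

To see the values ssh actually applies to one host after all Host blocks are evaluated, ssh -G prod prints the resolved configuration without connecting.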

Workflow

  1. Establish control sessions at the start of your day/session/etc.
    • cmc -o bastion or cmc -O
    • This establishes a control master connection in the background. It will stay connected and available until it is closed or connectivity is lost.
  2. Connect "directly" to hosts behind the firewall using bastion as a proxy
    • ssh prod
    • Uses the connection already in place when it proxies through bastion!

References