This config covers automatic SSH gateway selection and recursive proxy jumping as of April 2020 for all PSI networks I know about.

**Operating principles**

* The `Match` directives select the gateway to use. As the config is used for contacting gateways as well, recursion is built in.
* The control directives make it so that a second connection to a host uses the active socket and does not require authentication. Especially useful for wmgt with the RSA login.
* Default username is specified in case it differs from the AD user.
* Identity file specifies the CA-signed key.

```{note}
The following config works but makes the establishment of ssh connections SUPER slow !!!!
```

```
## Network matches, exclusions at the beginning
Match exec "host %h | cut -d ' ' -f 4 | grep -vE '^(129\.129\.194\.98|129\.129\.190\.25|129\.129\.146\.12[1357]|129\.129\.146\.119|129\.129\.146\.15[45]|129\.129\.146\.20)'| grep -qE '^(10\.129\.1[69]0\.|10\.33\.120\.|172\.24\.5\.|192\.33\.12[07]\.|192\.168\.[18]\.|192\.168\.13\.|192\.168\.71\.|192\.33\.126\.[34]|129\.129\.146\.|129\.129\.15[078]\.|129\.129\.160\.|129\.129\.18[89]\.|129\.129\.19[045]\.|129\.129\.230\.|129\.129\.24[01]\.|192\.33\.126\.|172\.24\.6|129\.129\.95\.)'"
    ProxyJump wmgt01

Match exec "host %h | cut -d ' ' -f 4 |grep -vE '(172\.24\.6\.34)'| grep -qE '^(129\.129\.8[789]\.|172\.24\.6\.|172\.24\.52\.|172\.24\.42\.)'"
    ProxyJump cptgate01.psi.ch

Match exec "host %h | cut -d ' ' -f 4 |grep -qE '(172\.23\.9[89]\.)'"
    ProxyJump esi-gw.psi.ch

Match exec "host %h | cut -d ' ' -f 4 | grep -qE '^(172\.20\.3\.)'"
    ProxyJump sls-gw.psi.ch
    ## gw excluded from the wmgt01 batch

Match exec "host %h | cut -d ' ' -f 4 | grep -qE '^(172\.21\.1[012]\.)'"
    ProxyJump fin-gw.psi.ch
    ## gw excluded from the wmgt01 batch

Match exec "host %h | cut -d ' ' -f 4 | grep -qE '^(172\.21\.70\.)'"
    ProxyJump trfcb-gw.psi.ch
    ## gw excluded from the wmgt01 batch

Match exec "host %h | cut -d ' ' -f 4 | grep -qE '^(172\.25\.11\.|172\.25\.60\.)'"
    ProxyJump proscan-gw.psi.ch
    ## gw excluded from the wmgt01 batch

Match exec "host %h | cut -d ' ' -f 4 | grep -qE '^(172\.19\.10\.|172\.22\.120\.)'"
    ProxyJump hipa-gw.psi.ch
    ## gw excluded from the wmgt01 batch

Match exec "host %h | cut -d ' ' -f 4 | grep -qE '^(129\.129\.242\.)'"
    ProxyJump saresa-gw.psi.ch
    ## gw excluded from the wmgt01 batch

Match exec "host %h | cut -d ' ' -f 4 | grep -qE '^(129\.129\.243\.)'"
    ProxyJump saresb-gw.psi.ch
    ## gw excluded from the wmgt01 batch

# jump host doesn't exist ???
#Match exec "host %h | cut -d ' ' -f 4 | grep -qE '^(129\.129\.242\.)'"
#ProxyJump sls-proscan.psi.ch

Match exec "host %h | cut -d ' ' -f 4 | grep -qE '^(172\.26\.[08]\.|172\.26\.16\.|172\.26\.24\.|172\.26\.32\.|172\.26\.40\.|172\.26\.110\.|172\.26\.120\.)'"
    ProxyJump sf-gw.psi.ch
    ## gw excluded from the wmgt01 batch

Match exec "host %h | cut -d ' ' -f 4 | grep -vE '(129\.129\.98\.12)' | grep -qE '^(129\.129\.98\.)'"
    ProxyJump x01dc-gw.psi.ch

Match exec "host %h | cut -d ' ' -f 4 | grep -vE '(129\.129\.99\.12)' | grep -qE '^(129\.129\.99\.)'"
    ProxyJump x02da-gw.psi.ch

Match exec "host %h | cut -d ' ' -f 4 | grep -vE '(129\.129\.101\.12)' | grep -qE '^(129\.129\.101\.)'"
    ProxyJump x03ma-gw.psi.ch

Match exec "host %h | cut -d ' ' -f 4 | grep -vE '(129\.129\.102\.12)' | grep -qE '^(129\.129\.102\.)'"
    ProxyJump x03da-gw.psi.ch

Match exec "host %h | cut -d ' ' -f 4 | grep -vE '(129\.129\.104\.12)' | grep -qE '^(129\.129\.104\.)'"
    ProxyJump x04sa-gw.psi.ch

Match exec "host %h | cut -d ' ' -f 4 | grep -vE '(129\.129\.105\.12)' | grep -qE '^(129\.129\.105\.)'"
    ProxyJump x04db-gw.psi.ch

Match exec "host %h | cut -d ' ' -f 4 | grep -vE '(129\.129\.106\.12)' | grep -qE '^(129\.129\.106\.)'"
    ProxyJump x05la-gw.psi.ch

Match exec "host %h | cut -d ' ' -f 4 | grep -vE '(129\.129\.107\.12)' | grep -qE '^(129\.129\.107\.)'"
    ProxyJump x05da-gw.psi.ch

Match exec "host %h | cut -d ' ' -f 4 | grep -vE '(129\.129\.109\.12)' | grep -qE '^(129\.129\.109\.)'"
    ProxyJump x06sa-gw.psi.ch

Match exec "host %h | cut -d ' ' -f 4 | grep -vE '(129\.129\.110\.12)' | grep -qE '^(129\.129\.110\.)'"
    ProxyJump x06da-gw.psi.ch

Match exec "host %h | cut -d ' ' -f 4 | grep -vE '(129\.129\.126\.12)' | grep -qE '^(129\.129\.126\.)'"
    ProxyJump x06mx-gw.psi.ch

Match exec "host %h | cut -d ' ' -f 4 | grep -vE '(129\.129\.112\.12)' | grep -qE '^(129\.129\.112\.)'"
    ProxyJump x07ma-gw.psi.ch

Match exec "host %h | cut -d ' ' -f 4 | grep -vE '(129\.129\.113\.12)' | grep -qE '^(129\.129\.113\.)'"
    ProxyJump x07da-gw.psi.ch

Match exec "host %h | cut -d ' ' -f 4 | grep -vE '(129\.129\.116\.12)' | grep -qE '^(129\.129\.116\.)'"
    ProxyJump x09lb-gw.psi.ch

Match exec "host %h | cut -d ' ' -f 4 | grep -vE '(129\.129\.117\.12)' | grep -qE '^(129\.129\.117\.)'"
    ProxyJump x09la-gw.psi.ch

Match exec "host %h | cut -d ' ' -f 4 | grep -vE '(129\.129\.118\.12)' | grep -qE '^(129\.129\.118\.)'"
    ProxyJump x10sa-gw.psi.ch

Match exec "host %h | cut -d ' ' -f 4 | grep -vE '(129\.129\.119\.12)' | grep -qE '^(129\.129\.119\.)'"
    ProxyJump x10da-gw.psi.ch

Match exec "host %h | cut -d ' ' -f 4 | grep -vE '(129\.129\.121\.12)' | grep -qE '^(129\.129\.121\.)'"
    ProxyJump x11ma-gw.psi.ch

Match exec "host %h | cut -d ' ' -f 4 | grep -vE '(129\.129\.122\.12)' | grep -qE '^(129\.129\.122\.)'"
    ProxyJump x12sa-gw.psi.ch

Host *
    User klar_t
    IdentityFile ~/.ssh/id_rsa-cert.pub
    PubkeyAcceptedKeyTypes ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com,ssh-rsa,ssh-rsa-cert-v01@openssh.com,ssh-dss,ssh-dss-cert-v01@openssh.com
    ControlMaster auto
    ControlPath ~/.ssh/cm_socket/%r@%h:%p
```
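
To check which gateway a given address would be routed through without doing any DNS lookups, the rules can be replayed offline. The script below is an added example, not part of the original config: the function names `rule_fires` and `select_gateway` are made up, the sample addresses are constructed, and only a subset of the rules is reproduced, with the regexes copied from the config.

```sh
#!/bin/sh
# Added example: replay a subset of the Match exec rules against an IPv4
# address that is already resolved, so rule coverage can be checked offline.
# Function names are hypothetical; the regexes are copied from the config.

WMGT_EXCL='^(129\.129\.194\.98|129\.129\.190\.25|129\.129\.146\.12[1357]|129\.129\.146\.119|129\.129\.146\.15[45]|129\.129\.146\.20)'
WMGT_INCL='^(10\.129\.1[69]0\.|10\.33\.120\.|172\.24\.5\.|192\.33\.12[07]\.|192\.168\.[18]\.|192\.168\.13\.|192\.168\.71\.|192\.33\.126\.[34]|129\.129\.146\.|129\.129\.15[078]\.|129\.129\.160\.|129\.129\.18[89]\.|129\.129\.19[045]\.|129\.129\.230\.|129\.129\.24[01]\.|192\.33\.126\.|172\.24\.6|129\.129\.95\.)'
CPT_EXCL='(172\.24\.6\.34)'
CPT_INCL='^(129\.129\.8[789]\.|172\.24\.6\.|172\.24\.52\.|172\.24\.42\.)'
ESI_INCL='(172\.23\.9[89]\.)'
SLS_INCL='^(172\.20\.3\.)'
X01_EXCL='(129\.129\.98\.12)'
X01_INCL='^(129\.129\.98\.)'

# rule_fires IP INCLUDE_RE [EXCLUDE_RE]: same filter chain as
# "grep -vE EXCLUDE | grep -qE INCLUDE" in the config.
rule_fires() {
    if [ -n "${3:-}" ]; then
        printf '%s\n' "$1" | grep -vE "$3" | grep -qE "$2"
    else
        printf '%s\n' "$1" | grep -qE "$2"
    fi
}

# select_gateway IP: print the ProxyJump the first matching rule would set,
# or "direct" when no rule fires. Order follows the config, because ssh keeps
# the first ProxyJump value it obtains.
select_gateway() {
    if   rule_fires "$1" "$WMGT_INCL" "$WMGT_EXCL"; then echo wmgt01
    elif rule_fires "$1" "$CPT_INCL" "$CPT_EXCL"; then echo cptgate01.psi.ch
    elif rule_fires "$1" "$ESI_INCL"; then echo esi-gw.psi.ch
    elif rule_fires "$1" "$SLS_INCL"; then echo sls-gw.psi.ch
    elif rule_fires "$1" "$X01_INCL" "$X01_EXCL"; then echo x01dc-gw.psi.ch
    else echo direct
    fi
}

# Constructed sample addresses, one per case worth checking.
for ip in 129.129.160.7 129.129.194.98 129.129.88.4 172.24.6.10 129.129.98.12 8.8.8.8; do
    printf '%-16s -> %s\n' "$ip" "$(select_gateway "$ip")"
done
```

Note that `172.24.6.10` resolves to `wmgt01`, not `cptgate01.psi.ch`: the wmgt01 include pattern contains `172\.24\.6` without a trailing `\.` and is evaluated first. On a live system, `ssh -G <host> | grep -i proxyjump` shows the value ssh actually settles on.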