remove outdated ssh config stuff
@@ -47,14 +47,9 @@ __Enduser Systems__
|
||||
* [Grant new person right for bob/sysdb](newbob)
|
||||
* [How to reinstall a machine](howtoreinstall)
|
||||
|
||||
## Tools
|
||||
|
||||
* [SSH config](sshconf)
|
||||
|
||||
## HTTPS Certificates
|
||||
* [HTTPS Certificates](https://linux.psi.ch/admin-guide/operations/certificates.html)
|
||||
|
||||
|
||||
## SSH Certificates / Signing Public User Keys
|
||||
|
||||
Generate a ssh key e.g. as follows:
|
||||
|
||||
@@ -1,124 +0,0 @@
|
||||
This config covers automatic ssh gateway selection and recursive porxy jumping as of April 2020 for all PSI networks I know about.
|
||||
|
||||
**Operating principles**
|
||||
|
||||
* The match directives select the gateway to use. As the config is used for contacting gateways as well, recursion is built in
|
||||
* The control directives make it so that a second connection to a host uses the active socket and does not require authentication. Especially useful for wmgt with the RSA login
|
||||
* Default username specified in case it differens from the AD user
|
||||
* Identity file specifies the CA signed key
|
||||
|
||||
```{note}
|
||||
Following config works but makes the establishment of ssh connections SUPER slow !!!!
|
||||
```
|
||||
|
||||
```
|
||||
## Network matches, exclusions at the beginning
|
||||
Match exec "host %h | cut -d ' ' -f 4 | grep -vE '^(129\.129\.194\.98|129\.129\.190\.25|129\.129\.146\.12[1357]|129\.129\.146\.119|129\.129\.146\.15[45]|129\.129\.146\.20)'| grep -qE '^(10\.129\.1[69]0\.|10\.33\.120\.|172\.24\.5\.|192\.33\.12[07]\.|192\.168\.[18]\.|192\.168\.13\.|192\.168\.71\.|192\.33\.126\.[34]|129\.129\.146\.|129\.129\.15[078]\.|129\.129\.160\.|129\.129\.18[89]\.|129\.129\.19[045]\.|129\.129\.230\.|129\.129\.24[01]\.|192\.33\.126\.|172\.24\.6|129\.129\.95\.)'"
|
||||
ProxyJump wmgt01
|
||||
|
||||
Match exec "host %h | cut -d ' ' -f 4 |grep -vE '(172\.24\.6\.34)'| grep -qE '^(129\.129\.8[789]\.|172\.24\.6\.|172\.24\.52\.|172\.24\.42\.)'"
|
||||
ProxyJump cptgate01.psi.ch
|
||||
|
||||
Match exec "host %h | cut -d ' ' -f 4 |grep -qE '(172\.23\.9[89]\.)'"
|
||||
ProxyJump esi-gw.psi.ch
|
||||
|
||||
Match exec "host %h | cut -d ' ' -f 4 | grep -qE '^(172\.20\.3\.)'"
|
||||
ProxyJump sls-gw.psi.ch
|
||||
## gw excluded from the wmgt01 batch
|
||||
|
||||
Match exec "host %h | cut -d ' ' -f 4 | grep -qE '^(172\.21\.1[012]\.)'"
|
||||
ProxyJump fin-gw.psi.ch
|
||||
## gw excluded from the wmgt01 batch
|
||||
|
||||
Match exec "host %h | cut -d ' ' -f 4 | grep -qE '^(172\.21\.70\.)'"
|
||||
ProxyJump trfcb-gw.psi.ch
|
||||
## gw excluded from the wmgt01 batch
|
||||
|
||||
Match exec "host %h | cut -d ' ' -f 4 | grep -qE '^(172\.25\.11\.|172\.25\.60\.)'"
|
||||
ProxyJump proscan-gw.psi.ch
|
||||
## gw excluded from the wmgt01 batch
|
||||
|
||||
Match exec "host %h | cut -d ' ' -f 4 | grep -qE '^(172\.19\.10\.|172\.22\.120\.)'"
|
||||
ProxyJump hipa-gw.psi.ch
|
||||
## gw excluded from the wmgt01 batch
|
||||
|
||||
Match exec "host %h | cut -d ' ' -f 4 | grep -qE '^(129\.129\.242\.)'"
|
||||
ProxyJump saresa-gw.psi.ch
|
||||
## gw excluded from the wmgt01 batch
|
||||
|
||||
Match exec "host %h | cut -d ' ' -f 4 | grep -qE '^(129\.129\.243\.)'"
|
||||
ProxyJump saresb-gw.psi.ch
|
||||
## gw excluded from the wmgt01 batch
|
||||
|
||||
# jump host doesn't exist ???
|
||||
#Match exec "host %h | cut -d ' ' -f 4 | grep -qE '^(129\.129\.242\.)'"
|
||||
#ProxyJump sls-proscan.psi.ch
|
||||
|
||||
Match exec "host %h | cut -d ' ' -f 4 | grep -qE '^(172\.26\.[08]\.|172\.26\.16\.|172\.26\.24\.|172\.26\.32\.|172\.26\.40\.|172\.26\.110\.|172\.26\.120\.)'"
|
||||
ProxyJump sf-gw.psi.ch
|
||||
## gw excluded from the wmgt01 batch
|
||||
|
||||
Match exec "host %h | cut -d ' ' -f 4 | grep -vE '(129\.129\.98\.12)' | grep -qE '^(129\.129\.98\.)'"
|
||||
ProxyJump x01dc-gw.psi.ch
|
||||
|
||||
Match exec "host %h | cut -d ' ' -f 4 | grep -vE '(129\.129\.99\.12)' | grep -qE '^(129\.129\.99\.)'"
|
||||
ProxyJump x02da-gw.psi.ch
|
||||
|
||||
Match exec "host %h | cut -d ' ' -f 4 | grep -vE '(129\.129\.101\.12)' | grep -qE '^(129\.129\.101\.)'"
|
||||
ProxyJump x03ma-gw.psi.ch
|
||||
|
||||
Match exec "host %h | cut -d ' ' -f 4 | grep -vE '(129\.129\.102\.12)' | grep -qE '^(129\.129\.102\.)'"
|
||||
ProxyJump x03da-gw.psi.ch
|
||||
|
||||
Match exec "host %h | cut -d ' ' -f 4 | grep -vE '(129\.129\.104\.12)' | grep -qE '^(129\.129\.104\.)'"
|
||||
ProxyJump x04sa-gw.psi.ch
|
||||
|
||||
Match exec "host %h | cut -d ' ' -f 4 | grep -vE '(129\.129\.105\.12)' | grep -qE '^(129\.129\.105\.)'"
|
||||
ProxyJump x04db-gw.psi.ch
|
||||
|
||||
Match exec "host %h | cut -d ' ' -f 4 | grep -vE '(129\.129\.106\.12)' | grep -qE '^(129\.129\.106\.)'"
|
||||
ProxyJump x05la-gw.psi.ch
|
||||
|
||||
Match exec "host %h | cut -d ' ' -f 4 | grep -vE '(129\.129\.107\.12)' | grep -qE '^(129\.129\.107\.)'"
|
||||
ProxyJump x05da-gw.psi.ch
|
||||
|
||||
Match exec "host %h | cut -d ' ' -f 4 | grep -vE '(129\.129\.109\.12)' | grep -qE '^(129\.129\.109\.)'"
|
||||
ProxyJump x06sa-gw.psi.ch
|
||||
|
||||
Match exec "host %h | cut -d ' ' -f 4 | grep -vE '(129\.129\.110\.12)' | grep -qE '^(129\.129\.110\.)'"
|
||||
ProxyJump x06da-gw.psi.ch
|
||||
|
||||
Match exec "host %h | cut -d ' ' -f 4 | grep -vE '(129\.129\.126\.12)' | grep -qE '^(129\.129\.126\.)'"
|
||||
ProxyJump x06mx-gw.psi.ch
|
||||
|
||||
Match exec "host %h | cut -d ' ' -f 4 | grep -vE '(129\.129\.112\.12)' | grep -qE '^(129\.129\.112\.)'"
|
||||
ProxyJump x07ma-gw.psi.ch
|
||||
|
||||
Match exec "host %h | cut -d ' ' -f 4 | grep -vE '(129\.129\.113\.12)' | grep -qE '^(129\.129\.113\.)'"
|
||||
ProxyJump x07da-gw.psi.ch
|
||||
|
||||
Match exec "host %h | cut -d ' ' -f 4 | grep -vE '(129\.129\.116\.12)' | grep -qE '^(129\.129\.116\.)'"
|
||||
ProxyJump x09lb-gw.psi.ch
|
||||
|
||||
Match exec "host %h | cut -d ' ' -f 4 | grep -vE '(129\.129\.117\.12)' | grep -qE '^(129\.129\.117\.)'"
|
||||
ProxyJump x09la-gw.psi.ch
|
||||
|
||||
Match exec "host %h | cut -d ' ' -f 4 | grep -vE '(129\.129\.118\.12)' | grep -qE '^(129\.129\.118\.)'"
|
||||
ProxyJump x10sa-gw.psi.ch
|
||||
|
||||
Match exec "host %h | cut -d ' ' -f 4 | grep -vE '(129\.129\.119\.12)' | grep -qE '^(129\.129\.119\.)'"
|
||||
ProxyJump x10da-gw.psi.ch
|
||||
|
||||
Match exec "host %h | cut -d ' ' -f 4 | grep -vE '(129\.129\.121\.12)' | grep -qE '^(129\.129\.121\.)'"
|
||||
ProxyJump x11ma-gw.psi.ch
|
||||
|
||||
Match exec "host %h | cut -d ' ' -f 4 | grep -vE '(129\.129\.122\.12)' | grep -qE '^(129\.129\.122\.)'"
|
||||
ProxyJump x12sa-gw.psi.ch
|
||||
|
||||
Host *
|
||||
User klar_t
|
||||
IdentityFile ~/.ssh/id_rsa-cert.pub
|
||||
PubkeyAcceptedKeyTypes ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com,ssh-rsa,ssh-rsa-cert-v01@openssh.com,ssh-dss,ssh-dss-cert-v01@openssh.com
|
||||
ControlMaster auto
|
||||
ControlPath ~/.ssh/cm_socket/%r@%h:%p
|
||||
```
|
||||