Ssh forwarding with same config file hack
Recently, today on the past of my work we made decision use ansible for managing our hundreds of hosts. For that purpose, until proper CMDBuild integration will happen was used dedicated inventory hosts file and ssh.config. For make it shareable and placed under git in same project it made standalone.
In ansible.cfg then just mention that like:
ssh_args = -o ControlMaster=auto -o ControlPersist=60s -F inventory/ssh.config
All works good until happened hosts what require proxy hope. It is one of the best future of ssh configured easy and works great:
Host app.marrgmain.rgc app.marrg.rgc HostName 172.31.12.201 ProxyCommand ssh esb.marrg.rgc -W %h:%p
Ssh standalone client works great if you place that in ~/.ssh/config because it default file location and will be used by inner ssh which run as proxy! But fails if you run it from another path like:
ssh -F ssh.config app.marrg.rgc
because ssh from proxy will use default one!
Off course you may solve it by provide path there too:
Host app.marrgmain.rgc app.marrg.rgc HostName 172.31.12.201 ProxyCommand ssh -F /path/to/same/ssh.config esb.marrg.rgc -W %h:%p
But that solution is error prone and has several disadvantages:
- You always must use same paths.
- That hardcoded and need to be rewritten each time when files moved
- For all users of our repo it must be adjusted...
Unfortunately I have no any scripting capabilities or config inheritance/including. Similar requests opens from 2009 year!
And I found some sort hack...
As ProxyCommand is just executed command we want inherit config-file setting (-F) to that. As ssh does not provide config inheritance, we just do it manually. Command provided at least for bash but should work in many other shells too (comments welcome for yours):
Host app.marrgmain.rgc app.marrg.rgc HostName 172.31.12.201 ProxyCommand ssh -q $( egrep -z -A1 '^-F$' /proc/$PPID/cmdline ) esb.marrg.rgc -W %h:%p
All magic happened there: $( egrep -z -A1 '^-F$' /proc/$PPID/cmdline ) what just mean use same config as main command.
Share your opinion