SSH is a powerful tool. Configured correctly, it not only provides excellent security, it also makes your work easier and more convenient.
Assumptions:

- You're using macOS.
  - This is not a requirement. The `cmc` script should work on any *nix.
- You have already created an SSH key pair and added the secret key to your Mac keychain.
  - Test to see currently available keys: `ssh-add -L`
  - SSH key pair creation example (`-b 4096` applies to the default RSA key type; ed25519 keys have a fixed size and ignore it):
    `ssh-keygen -b 4096 -C USERNAME@COMPUTER_DESC`
    `ssh-add -K`
    On macOS 12 and later the keychain flag is spelled `ssh-add --apple-use-keychain`; `-K` is the older spelling.
- Your name is Arthur Dent.
- Your username on your Mac laptop is `arthurdent`.
- Your username on remote systems is `arthur`.
- Only the `~/.ssh/config` on your laptop will ever need to be edited.
- Three hypothetical hosts (see below):
```
# insecure
Host insecure insecure.example.com
    HostName insecure.example.com

# bastion
Host bastion bastion.example.com
    HostName bastion.example.com
    # The master connection to the bastion stays open for 8 hours after the
    # last session closes; every later "ssh prod" rides this already
    # authenticated connection without prompting again.
    ControlPersist 8h

# production
Host prod production prod*.example.com
    HostName production.example.com
    ControlPersist 2h
    # Tunnel through the bastion; %h and %p expand to the production HostName
    # and port. On OpenSSH 7.3 or later "ProxyJump bastion" does the same
    # without needing nc on the bastion.
    ProxyCommand ssh -q bastion nc -w30 %h %p

# global defaults
Host *
    ControlMaster auto
    # The control socket is an authenticated channel: any local process that
    # can connect to it gets a session on %h as %r with no further
    # authentication, so keep ~/.ssh mode 0700. Add %p (or use %C) to the
    # pattern if you ever reach one hostname on several ports.
    ControlPath ~/.ssh/cp_%r_%h
    ControlPersist 5m
    # 60 probes at 30s intervals: a dead connection is noticed within 30 minutes.
    ServerAliveCountMax 60
    ServerAliveInterval 30
    TCPKeepAlive no
    User arthur
```
Please also see the annotated ssh configuration example with explanations: `annotated_config.md`.
Example workflow:

- Connect "directly" to hosts behind the firewall using `bastion` as a proxy: `ssh prod`
  - This automatically connects to `bastion` first and proxies the `prod` connection through it.
- Realize you need to completely reconnect for some reason (e.g. you made an error in your gpg-agent configuration).
  - List current connections with `cmc -l`.
  - Close impacted connections with `cmc -x bastion` (which will automatically close the connection to `prod`, since that connection is tunnelled through the bastion master), or `cmc -X` to close all active connections.
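The `cmc` script itself is not reproduced on this page. As an added example (not the project's script, and not the author's code), the following POSIX shell functions show the OpenSSH control-socket operations that a wrapper behaving like `cmc -l`, `cmc -x HOST` and `cmc -X` needs, written against the `ControlPath ~/.ssh/cp_%r_%h` pattern from the config above, plus the permission check a practitioner should run before trusting a socket directory. The `CMC_SOCK_DIR` override, the optional directory arguments and the function names are assumptions made for this example; `ssh -O check`, `ssh -O exit` and `-S` are standard OpenSSH client options.

```shell
#!/bin/sh
# Added example, not the project's cmc script. Assumes the ControlPath
# pattern ~/.ssh/cp_%r_%h used in the config above; the CMC_SOCK_DIR
# override and the function names are this example's own.

SOCK_DIR="${CMC_SOCK_DIR:-$HOME/.ssh}"

# Turn one ControlPath filename (cp_%r_%h) back into "user host".
# %r is taken as everything up to the first underscore, so a remote user
# name containing "_" would be split wrongly; %r@%h:%p or %C in ControlPath
# avoids that ambiguity but is not what the config above uses.
parse_cp_name() {
    name=${1##*/}
    case $name in
        cp_*_*) ;;                       # prefix plus at least one separator
        *) return 1 ;;
    esac
    rest=${name#cp_}
    printf '%s %s\n' "${rest%%_*}" "${rest#*_}"
}

# The "-l" behaviour: one "user host" line per socket file in the directory.
# The optional directory argument lets this run against a scratch directory.
list_masters() {
    dir=${1:-$SOCK_DIR}
    for f in "$dir"/cp_*; do
        [ -e "$f" ] || continue          # glob matched nothing
        parse_cp_name "$f" || continue
    done
}

# Is the master behind a socket file still answering? -S overrides
# ControlPath, so the destination argument is only a placeholder and is
# never resolved or connected to.
master_alive() {
    ssh -q -S "$1" -O check placeholder 2>/dev/null
}

# The "-x HOST" behaviour: ssh resolves the alias through ~/.ssh/config, so
# "close_master bastion" finds cp_arthur_bastion.example.com and tells that
# master to exit. Sessions tunnelled through it (prod) drop with it.
close_master() {
    ssh -O exit "$1"
}

# The "-X" behaviour: close every master in the directory. A socket whose
# master no longer answers is stale and is simply removed.
close_all_masters() {
    dir=${1:-$SOCK_DIR}
    for f in "$dir"/cp_*; do
        [ -e "$f" ] || continue
        ssh -q -S "$f" -O exit placeholder 2>/dev/null || rm -f "$f"
    done
}

# A control socket is an authenticated channel: any local process that can
# connect to it gets a session on the remote host as the remote user with no
# further authentication. Refuse to use a socket directory that is not owned
# by the caller and mode 0700. ls -ld is parsed because stat's flags differ
# between GNU and BSD userlands.
check_socket_dir() {
    dir=${1:-$SOCK_DIR}
    [ -d "$dir" ] || return 1
    mode=$(ls -ld "$dir" | cut -c1-10)
    owner=$(ls -ld "$dir" | awk '{print $3}')
    [ "$mode" = "drwx------" ] && [ "$owner" = "$(id -un)" ]
}
```

`list_masters` only reports which socket files exist; pair it with `master_alive` to tell a live master from a stale socket left behind by a crashed client. Because `close_master bastion` goes through `~/.ssh/config`, it works with the aliases in the config above exactly as `ssh prod` does.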