Centralized and reliable SSH client configuration
SSH’ing into several VMs on a daily basis can be challenging and error-prone. In most cases you have to remember a bunch of different options: IPs/domains, users, ports, ciphers… It’s hard to stay up to date when servers are added or removed, and the SSH tunneling commands are easy to forget. At Zaleos we try to minimize errors by adopting good practices and well-defined strategies. In this blog post, we’re going to share the solution we adopted to efficiently share SSH client configuration within our team.
1. The SSH Config file
It is the key to our setup.
You can configure the SSH options you want to use using the SSH Config file, which is usually stored in your home folder.
At Zaleos, we use the
This allows the user to have more than one config.
This great tutorial explains pretty well the main magic behind the SSH Config file.
In our case, we have a strict naming convention which we all follow.
It starts with zaleos and then it covers the networking logic based on subnets (dev, qa, …).
This categorization helps to quickly trigger BASH autocompletion and start typing where you want to SSH into.
SSH Basic Configuration
- This is a basic Zaleos SSH Configuration item.
- Stored at:
As you may already know, this configuration makes the following two sets of commands identical:
- This is a basic Personal SSH Configuration item.
- Stored at:
This configuration has a default wildcard (*), which actually sets the defaults to be applied.
2. Sharing the SSH config file
It’s very important for this file to be centralized and version controlled. We store it in an internal git repo with the proper permissions. In our case, only the admins can edit this file.
We all have a predefined function in our
- Gets the latest zaleos.config from the repo and stores it in the
- Generates a new ~/.ssh/config file from all the files stored in the ~/.ssh/config.d/ folder (alphabetical order).
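The two steps listed above could be implemented as follows. This is an added example, not Zaleos's own function: the function name, the SSH_REPO_DIR variable (a local clone of the internal repo) and the optional directory arguments are assumptions.

```shell
# Added example. ssh_config_update, SSH_REPO_DIR and both arguments are assumed names.
# Usage: ssh_config_update [ssh_dir] [repo_dir]
# The body runs in a subshell, so umask, locale and exits do not leak to the caller.
ssh_config_update() (
    ssh_dir="${1:-$HOME/.ssh}"
    repo_dir="${2:-${SSH_REPO_DIR:-}}"   # hypothetical local clone of the internal repo
    conf_d="$ssh_dir/config.d"

    umask 077            # config files must not be group/world accessible
    LC_ALL=C             # byte-wise glob order, identical on every machine
    export LC_ALL
    mkdir -p "$conf_d" || exit 1

    # Step 1: refresh zaleos.config. Any failure exits before the live
    # config is touched, so the previous ~/.ssh/config keeps working.
    if [ -n "$repo_dir" ]; then
        if [ -d "$repo_dir/.git" ]; then
            git -C "$repo_dir" pull --ff-only --quiet || exit 1
        fi
        cp "$repo_dir/zaleos.config" "$conf_d/zaleos.config" || exit 1
    fi

    # Step 2: concatenate the fragments in alphabetical order. ssh keeps the
    # first value it finds for each option, so this order sets precedence.
    tmp=$(mktemp "$ssh_dir/config.XXXXXX") || exit 1
    trap 'rm -f "$tmp"' EXIT             # never leave a stray temp file behind
    for f in "$conf_d"/*; do
        [ -f "$f" ] || continue
        printf '# --- %s ---\n' "${f##*/}"
        cat "$f" || exit 1
        printf '\n'
    done > "$tmp" || exit 1

    # Rename within the same directory: ssh never reads a half-written file.
    mv "$tmp" "$ssh_dir/config"
)
```

Because the first matching value wins, a fragment holding a `Host *` defaults block only acts as a fallback if its file name sorts after the host-specific fragments.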
3. Complex SSH requirements
Let’s imagine we don’t reach a server called unaccessible, but we can get into a server called accessible which reaches the unaccessible one.
3.a) SSH Proxying
We need to SSH into the unaccessible one. In this case we can easily configure a ProxyCommand as follows:
3.b) SSH Forwarding
We need to reach port 80 of the unaccessible one as if it were local port
In this case we can easily configure a LocalForward as follows:
This post shares the knowledge and techniques used at Zaleos to be better. Mixing simple configuration entries with commented complex ones gives a very powerful tool for SSHing into boxes.
As you can see, launching our SSH config BASH function and then typing ssh <TAB> is a very efficient way to reach our destination.
Happy SSHing! ;-)