Hello everyone,
my workplace has gotten the idea of centrally maintaining a file in
ssh_config syntax so that employees do not need to discover every new
machine and configure it on their own. Since it's a case of "let's get
started now, and properly think it through later", right now, a typical
entry might look like
> Host [product]-[Customer]
> Hostname [privateIP]
> user [primaryAccount]
> ProxyCommand nc -x 127.0.0.1:2124 -X 5 %h %p
(with the parts in [] varying from one machine to the next) - and if you
know how disparate the options of "nc"/netcat can look from one distrib
to the next, you'll immediately know why this suggestion has me
concerned. :-}
I suppose that *this* particular instance of the problem can be mostly
fixed, either by switching to "ProxyJump" (referring to a config entry
that every user maintains himself) or with a wrapper script¹, but it has
me wondering: Are there plans, or even better already-implemented
mechanisms, that would allow entries in (global) config files to
"inherit"² single config lines preset in another (individual) config file?
¹ Note that as of now, the names do *not* include which platform the
machine is running on, but the proper proxying depends on that. So, no
using "Host" blocks with patterns unless I can get everyone to using
*my* host-naming style. :-/
² Please take the term with a planetoid of salt. I do not have a
preference whether it should be, or act like, "inheritance" like in
Nagios object configs, "includes", "variables", "templates", or
whatever. :-3
³ Yes, I suppose that providing just the main data - name, IP, user,
port (if nonstandard) and which proxy to use - from a central source and
individually turning that into an ssh_config with some preprocessor
could also prove a powerful solution here ...
Thanks in advance,
--
Jochen Bern
Systemingenieur
Binect GmbH
my workplace has gotten the idea of centrally maintaining a file in
ssh_config syntax so that employees do not need to discover every new
machine and configure it on their own. Since it's a case of "let's get
started now, and properly think it through later", right now, a typical
entry might look like
> Host [product]-[Customer]
> Hostname [privateIP]
> user [primaryAccount]
> ProxyCommand nc -x 127.0.0.1:2124 -X 5 %h %p
(with the parts in [] varying from one machine to the next) - and if you
know how disparate the options of "nc"/netcat can look from one distrib
to the next, you'll immediately know why this suggestion has me
concerned. :-}
I suppose that *this* particular instance of the problem can be mostly
fixed, either by switching to "ProxyJump" (referring to a config entry
that every user maintains himself) or with a wrapper script¹, but it has
me wondering: Are there plans, or even better already-implemented
mechanisms, that would allow entries in (global) config files to
"inherit"² single config lines preset in another (individual) config file?
¹ Note that as of now, the names do *not* include which platform the
machine is running on, but the proper proxying depends on that. So, no
using "Host" blocks with patterns unless I can get everyone to using
*my* host-naming style. :-/
² Please take the term with a planetoid of salt. I do not have a
preference whether it should be, or act like, "inheritance" like in
Nagios object configs, "includes", "variables", "templates", or
whatever. :-3
³ Yes, I suppose that providing just the main data - name, IP, user,
port (if nonstandard) and which proxy to use - from a central source and
individually turning that into an ssh_config with some preprocessor
could also prove a powerful solution here ...
Thanks in advance,
--
Jochen Bern
Systemingenieur
Binect GmbH
Attached Files:
-
smime.p7s (3.37 KB)