https://agora.nasqueron.org/index.php?action=history&feed=atom&title=Operations_grimoire%2FRecommended_SSH_configurationOperations grimoire/Recommended SSH configuration - Revision history2026-04-25T02:43:05ZRevision history for this page on the wikiMediaWiki 1.46.0-alphahttps://agora.nasqueron.org/index.php?title=Operations_grimoire/Recommended_SSH_configuration&diff=2034&oldid=prevDereckson: Created page with "== Consolidated OpenSSH configuration == The introduction of ProxyJump has simplified the bastion configuration since OpenSSH version 7.5: <syntaxhighlight> Host *.nasqueron.drake ProxyJump windriver.nasqueron.org Host 172.27.27.* ProxyJump windriver.nasqueron.org </syntaxhighlight> Older version of OpenSSH can use instead: <code>ProxyCommand "ssh -W %h:%p windriver.nasqueron.org"</code> == Use bastion as proxy == To connect on a server where the port 22 i..."2025-10-02T21:24:39Z<p>Created page with "== Consolidated OpenSSH configuration == The introduction of ProxyJump has simplified the bastion configuration since OpenSSH version 7.5: <syntaxhighlight> Host *.nasqueron.drake ProxyJump windriver.nasqueron.org Host 172.27.27.* ProxyJump windriver.nasqueron.org </syntaxhighlight> Older version of OpenSSH can use instead: <code>ProxyCommand "ssh -W %h:%p windriver.nasqueron.org"</code> == Use bastion as proxy == To connect on a server where the port 22 i..."</p>
<p><b>New page</b></p><div>== Consolidated OpenSSH configuration ==<br />
<br />
The introduction of ProxyJump has simplified the bastion configuration since OpenSSH version 7.5:<br />
<br />
<syntaxhighlight><br />
Host *.nasqueron.drake<br />
ProxyJump windriver.nasqueron.org<br />
<br />
Host 172.27.27.* <br />
ProxyJump windriver.nasqueron.org<br />
</syntaxhighlight><br />
<br />
Older version of OpenSSH can use instead: <code>ProxyCommand "ssh -W %h:%p windriver.nasqueron.org"</code><br />
<br />
== Use bastion as proxy ==<br />
<br />
To connect on a server where the port 22 isn't publicly accessible, use a development server as a bastion.<br />
<br />
Do you do extensive work on the development server?<br />
* YES -> a good workflow is to create a tmux panel for your remote server connection<br />
* NO -> use the development server as proxy<br />
<br />
All the following works:<br />
<br />
<syntaxhighlight lang="shell"><br />
# Connect first to the bastion. Then, to the destination server (useful as tmux pane)<br />
$ ssh windriver.nasqueron.org<br />
$ ssh docker-002<br />
<br />
# Connect with ProxyJump option (OpenSSH 7.5+)<br />
$ ssh -J windriver.nasqueron.org 172.27.27.5<br />
<br />
# Connect with ProxyCommand option for older OpenSSH clients<br />
$ ssh -o ProxyCommand="ssh -W %h:%p windriver.nasqueron.org" docker-002.nasqueron.drake<br />
</syntaxhighlight><br />
<br />
Note you can generally use short names, fully qualified names or IP. If a short name doesn't work, but the IP works, the /etc/hosts of the bastion needs to be updated.</div>Dereckson