20 Feb 2015 →
My employer uses ssh bastion hosts. This means in order to ssh into any server, I must first connect to a known secure server, or ‘bastion host’.
To deal with the double-connection pain, most people I know maintain a long list aliases to the servers they most commonly ssh into. For years I too maintained one of these wild configurations in my dotfiles, changing and committing it every time we stood up new servers. No more!
.ssh/config now contains these four precious lines:
Host bastion HostName some-bastion-host.umn.edu Host *.umn.edu ProxyCommand ssh bastion nc %h %p
This configuration will match any host under
umn.edu and transparently proxy it
through the bastion host using netcat.
I also use
bash-completion on my Mac (
brew install bash-completion). This
allows me to auto-complete hostnames that are in my
With bash-completion available,
ssh blah+TAB auto-completes to
So in the past, my ssh aliases existed for two reasons: to perform the proxy, and to shorten crazy-long hostnames. This ssh config and bash-completion make the need to maintain aliases disappear.comments powered by Disqus