This is a read-only archived version of wiki.centos.org

Suppose you need to reach a node that is not directly reachable (it is not on the internet, or for other reasons), but you can reach a bastion node in front of it. There is no need to ssh into that bastion host each time and then reconnect to the second node. ssh_config has a nice ProxyCommand feature for this, so here is an example of ~/.ssh/config:

Host bastion
  Hostname bastion.yourdomain.com
  ForwardAgent yes

Host hidden
  Hostname IP.or.FQDN.known.by.bastion
  ProxyCommand ssh bastion -W %h:%p 2>/dev/null

From your laptop/workstation, you can now use ssh to land directly on the "hidden" machine, without needing a shell on the bastion host:

ssh hidden hostname
hidden.yourdomain.com

This also works for sftp/scp, to copy files directly to that node.

Examples

To access CentOS CI infra you would need something like this in your .ssh/config (and remember to chmod 600 the file):

Host jump.ci
  Hostname jump.ci.centos.org
  User <your_ci_username>
  ProxyCommand none
  ForwardAgent yes
  GSSAPIAuthentication no

Host *.ci.centos.org
  ProxyCommand ssh jump.ci -W %h:%p
  ForwardAgent yes
  GSSAPIAuthentication no

Once this is added, you should be able to ssh to your project account with 'ssh <your_project_name>@slave01.ci.centos.org' and do any work needed on that machine.
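How ssh resolves the CI configuration above, as an added example that is not part of the original wiki page: a simplified shell model of ssh_config lookup that shows which names are sent through the jump host and which have ForwardAgent enabled. The function name `ssh_effective` and the temp-file sample are assumptions of this example; Match blocks, negated patterns and Include are not modelled.

```shell
# Added example: simplified model of ssh_config lookup (not from the wiki page).
# ssh_effective FILE HOST KEYWORD prints the value ssh would use for HOST.
# Modelled: Host patterns are matched against the name typed on the command
# line, and for each keyword the first value obtained wins.
ssh_effective() {
    cfg=$1; target=$2
    want=$(printf '%s' "$3" | tr '[:upper:]' '[:lower:]')
    active=1    # options before the first Host line apply to every host
    while read -r key rest || [ -n "$key" ]; do
        lkey=$(printf '%s' "$key" | tr '[:upper:]' '[:lower:]')
        case $lkey in
            ''|'#'*) continue ;;
            host)
                active=0
                set -f    # stop the patterns from expanding to file names
                for pat in $rest; do
                    # unquoted $pat: case treats * and ? as wildcards
                    case $target in $pat) active=1 ;; esac
                done
                set +f
                continue ;;
        esac
        if [ "$active" -eq 1 ] && [ "$lkey" = "$want" ]; then
            printf '%s\n' "$rest"
            return 0
        fi
    done < "$cfg"
    return 1
}

# Constructed sample: the CI configuration from this page, User line omitted.
SAMPLE_CFG=$(mktemp)
cat > "$SAMPLE_CFG" <<'EOF'
Host jump.ci
  Hostname jump.ci.centos.org
  ProxyCommand none
  ForwardAgent yes

Host *.ci.centos.org
  ProxyCommand ssh jump.ci -W %h:%p
  ForwardAgent yes
EOF

for h in jump.ci slave01.ci.centos.org jump.ci.centos.org; do
    printf '%-24s proxy=%s agent=%s\n' "$h" \
        "$(ssh_effective "$SAMPLE_CFG" "$h" ProxyCommand)" \
        "$(ssh_effective "$SAMPLE_CFG" "$h" ForwardAgent)"
done
```

On a real system, `ssh -G <host>` prints the configuration that ssh itself resolves for that host.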


2023-09-11 07:23