Can I use ssh config name when using Itamae - provisioning

I'm using Itamae with a command like this:
itamae ssh -u ironsand -h xxx.xxx.xxx.xxx cookbooks/user.rb
The ssh configuration is saved with the name my_ssh_config.
Can I use the ssh config name as an argument of itamae ssh?
My ~/.ssh/config:
Host my_ssh_config
    HostName xxx.xxx.xxx.xxx
    User ironsand

As of March 30, support for using ssh config hosts was merged into itamae's master branch:
https://github.com/itamae-kitchen/itamae/pull/115
So as long as you are using a recent copy of itamae, this functionality should be supported:
itamae ssh -h my_ssh_config cookbooks/user.rb
or
itamae ssh --host=my_ssh_config cookbooks/user.rb
You may also need to specify your key file on the command line using the -i option:
itamae ssh --host=my_ssh_config -i ~/.ssh/my_ssh_host.key cookbooks/user.rb
or with an IdentityFile stanza in your ssh config:
Host my_ssh_config
    HostName xxx.xxx.xxx.xxx
    User ironsand
    IdentityFile ~/.ssh/my_ssh_host.key
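To check which host, user and key an alias such as my_ssh_config resolves to before pointing a provisioning run at it, the sketch below reads a config file the way ssh does for simple Host blocks. It is an added example, not code from the answer or from Itamae. The function names, the fallback user and the 192.0.2.10 address are constructed, and IdentityFile is treated like any other keyword although ssh itself accumulates identity files.

```shell
#!/bin/sh
# Added example: print the settings a simplified ssh_config reader resolves
# for one alias. Only Host blocks with * and ? patterns are handled (no Match,
# Include, !negation or Key=value); the first value seen for a keyword wins.
resolve_ssh_host() (
  cfg=$1 target=$2 active=1 seen=" "   # lines before any Host apply to all hosts
  set -f                               # keep "Host *" from expanding to file names
  while read -r key val || [ -n "$key" ]; do
    case $key in ''|'#'*) continue ;; esac
    key=$(printf '%s' "$key" | tr '[:upper:]' '[:lower:]')
    if [ "$key" = host ]; then
      active=0
      for pat in $val; do
        case $target in $pat) active=1 ;; esac
      done
    elif [ "$active" = 1 ]; then
      case $seen in
        *" $key "*) ;;                 # already set by an earlier block
        *) seen="$seen$key "; printf '%s %s\n' "$key" "$val" ;;
      esac
    fi
  done < "$cfg"
)

# One resolved value, e.g. ssh_setting FILE my_ssh_config hostname
ssh_setting() { resolve_ssh_host "$1" "$2" | sed -n "s/^$3 //p"; }

# Constructed sample config (192.0.2.10 is a documentation address).
write_sample_config() {
  cat > "$1" <<'EOF'
Host my_ssh_config
    HostName 192.0.2.10
    User ironsand
    IdentityFile ~/.ssh/my_ssh_host.key

Host *
    User fallback
    ForwardAgent no
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
resolve_ssh_host "$sample" my_ssh_config
rm -f "$sample"
```

Where OpenSSH 6.8 or later is installed, ssh -G my_ssh_config prints the client's own resolved settings for comparison.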

Related

SSH shows the wrong IP address when SSH with port forward

My use case is I have to access AWS ec2 instances through a jumpbox.
Here is my SSH config.
Host awsjumpbox
    User sshuser
    HostName jumpboxhostname
    IdentityFile /Users/myusername/.ssh/id_rsa
    LocalForward 8022 10.0.168.43:22
It works when I run the scp command to copy files to the EC2 instance.
myusername % scp -r -i ~/aws/aws-keypair.pem -P 8022 * ec2-user@localhost:testdir
The authenticity of host '[localhost]:8022 ([::1]:8022)' can't be established.
ECDSA key fingerprint is SHA256:rrwr62yjP2cgUTT9SowdlrIwGi4jMMwt5x4Aj6E4Y3Y.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[localhost]:8022' (ECDSA) to the list of known hosts.
/etc/profile.d/lang.sh: line 19: warning: setlocale: LC_CTYPE: cannot change locale (UTF-8): No such file or directory
README.md 100% 1064 24.3KB/s 00:00
However, when I executed the SSH command, it returned a strange IP address.
myusername % ssh -i ~/aws/aws-keypair.pem -P 8022 ec2-user@localhost
ssh: connect to host 0.0.31.86 port 22: No route to host
What is the cause of this issue? How do I fix it?
Thank you.
Don't use LocalForward and reverse the flow.
Use ProxyCommand or ProxyJump. This will allow SSH to open a session to your bastion server transparently.
E.g. your configuration should be something along the lines of
Host 10.0.168.43
    User root
    ProxyCommand ssh -W %h:%p sshuser@awsjumpbox
    ...
or
Host 10.0.168.43
    User root
    ProxyJump sshuser@awsjumpbox
    ...
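The address in the error above, 0.0.31.86, is the number 8022 read as a 32-bit IPv4 address, which is consistent with ssh taking 8022 as the host name: ssh's port option is lowercase -p, while uppercase -P is scp's. The function below is an added example, not part of the original posts, that applies the classic inet_aton rules for numeric hosts with one to four parts; its name is made up here and it handles decimal parts only.

```shell
#!/bin/sh
# Added example: convert a numeric host string to dotted-quad form using the
# classic inet_aton rules (a | a.b | a.b.c | a.b.c.d), where the last part
# fills all remaining bytes. Decimal only; hex and octal forms are rejected.
# The body runs in a subshell so IFS and variables do not leak to the caller.
numeric_host_to_ipv4() (
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;   # not a plain dotted number
    0[0-9]*|*.0[0-9]*) exit 1 ;;         # leading zero would mean octal
  esac
  IFS=.
  set -- $1                              # split the parts on dots
  n=$#
  [ "$n" -le 4 ] || exit 1
  addr=0 i=1
  for part in "$@"; do
    if [ "$i" -lt "$n" ]; then
      # every part except the last is exactly one byte
      [ "$part" -le 255 ] || exit 1
      addr=$(( addr + (part << (8 * (4 - i))) ))
    else
      # the last part must fit in the bytes that are left
      limit=$(( 1 << (8 * (5 - n)) ))
      [ "$part" -lt "$limit" ] || exit 1
      addr=$(( addr + part ))
    fi
    i=$(( i + 1 ))
  done
  printf '%d.%d.%d.%d\n' \
    $(( addr >> 24 & 255 )) $(( addr >> 16 & 255 )) \
    $(( addr >> 8 & 255 ))  $(( addr & 255 ))
)

# The port number from the question, read as a host.
numeric_host_to_ipv4 8022
```

The same normalisation is useful when reviewing connection logs or allowlists, since 10.43051 and 10.0.168.43 name the same host.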

Complex SSH tunnel

I have a complex SSH tunnel problem I'm trying to solve and can't seem to get it quite right.
Simply put:
ME -> Bastion:22 -> Instance:8500
Bastion uses a different username and key than instance. I would like to be able to access port 1234 on instance from localhost:1234
Right now I have the following:
Host bastion
    HostName bastion.example.com
    ForwardAgent yes
    IdentityFile ~/.ssh/id_ecdsa
    User spanky

Host internal
    ForwardAgent yes
    HostName consul.internal
    IdentityFile ~/.ssh/aws.pem
    ProxyJump bastion
    User ec2-user
    Port 8500
But I don't think I've got it.
The following two commands work, but I'm trying to distill them into a working config:
ssh -L 2222:10.0.0.42:22 bastion.example.com -N -i ~/.ssh/id_ecdsa
ssh -L 8500:localhost:8500 ec2-user@localhost -N -i ~/.ssh/aws.pem -p 2222
With a current version of ssh, you should be able to use:
ssh -L1234:localhost:1234 -J spanky@bastion.example.com ec2-user@consul.internal
From man ssh:
-J destination
Connect to the target host by first making a ssh
connection to the jump host described by destination and then
establishing a TCP forwarding to the ultimate destination from there.
Multiple jump hops may be specified separated by comma characters.
This is a shortcut to specify a ProxyJump configuration directive.

How to avoid "ssh localhost" password in MacOS?

I am configuring a local Hadoop cluster but I have a problem with password configurations.
When I type
ssh localhost
This message is displayed:
ssh localhost
key_load_public: invalid format
I already tried using these commands to replace my previous authorized keys:
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
But it did not work.
You can create a .config file in your ~/.ssh directory and then add the credentials.
Like this,
// ~/.ssh/config
# SSH Host configuration file
# Default for all
Host *
    ForwardAgent no
    ForwardX11 yes
    ForwardX11Trusted yes

Host <hostname_here>
    HostName <ip_address>
    User <user_name>
Since it seems that your problem is more related to keys, you can try using ssh -i <your key file> username@ip_addr -p <port>

ssh specify default directory to check

Instead of ssh "~/.ssh/somekey.pem" ubuntu@somehost, is there a way to make ssh auto check the ~/.ssh directory for keys so that I can simply do ssh "somekey.pem" ubuntu@somehost (i.e. omitting ~/.ssh)?
If you're using the same host then try updating your ~/.ssh/config file with the host info
Host dev
    IdentityFile ~/.ssh/github.key
    HostName dev.example.com
    Port 22000
    User fooey
then just type ssh dev to ssh in!

Hosts declared in ssh configuration on Windows are not visible

I am using Git on Windows with Git Bash.
In C:\Users\myuser\.ssh I created a config file, where I declared a host
Host my-host along with some configuration.
The config file has the following content:
Host my-host
    User my-username
    Hostname my-repo.com
    Port 7999
    IdentityFile id_rsa
In theory, I should be able to connect to this host from the command line:
ssh my-host.
However, that doesn't happen; if I try to run this command from Git Bash, I get:
ssh: Could not resolve hostname my-host: Name or service not known
So how can I make this host visible in Git Bash or in Windows Command Line?
Check port number, 7999 is not usual for ssh
set full path for id_rsa, like ~/.ssh/id_rsa
maybe you should use alias name without "-"
check connection with your parameters without alias, like "ssh -i ~/.ssh/id_rsa -p 7999 user@host"
check your id_rsa, is it a private key?
check rights on folder and file: ~/.ssh - 700, ~/.ssh/config - 600
