Here’s some insight into my ssh config.

Proxy commands

This is how to use proxytunnel, corkscrew and netcat to do ssh proxying.

If you wanted to ssh to home via vyatta via architect, you would do so as follows:

ssh home_vyatta_architect

config section for ProxyCommand

# Proxy stanzas keyed on the alias suffix: "Host *_<suffix>" matches any alias
# ending in _<suffix> and supplies the ProxyCommand for the hop named by that
# suffix. ssh_config keeps the first value it obtains for each keyword, so the
# longer suffixes are listed before the shorter ones they end with (for example
# *_vyatta_architect before *_architect).
# %h and %p expand to the target host name and port; any per-host HostName/User
# stanzas are not shown in this listing.

# HTTP CONNECT via netcat: nc asks the proxy given with -x to open a tunnel to
# %h:%p.
Host *_connect-polipo
    ProxyCommand nc -X connect -x localhost:8123  %h %p
# proxytunnel: -p is the first proxy, -r an optional second proxy reached
# through it, -d the final destination, -H an extra request header and -F a
# file holding the proxy credentials.
# NOTE(review): ~/.ssh/http_proxy_pass/uni stores a proxy password; keep it
# readable only by its owner (chmod 600) and out of any shared dotfiles repo.
Host *_tunneluni
    ProxyCommand proxytunnel -p proxy.student.otago.ac.nz:3128 -F ~/.ssh/http_proxy_pass/uni -d %h:%p -H "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)\n"
Host *_tunneluni_connect-aphorism
    ProxyCommand proxytunnel -p proxy.student.otago.ac.nz:3128 -F ~/.ssh/http_proxy_pass/uni -r proxy.cruft.co.nz:8080 -d %h:%p -H "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)\n"
Host *_tunneluni_connect-home-creative
    ProxyCommand proxytunnel -p proxy.student.otago.ac.nz:3128 -F ~/.ssh/http_proxy_pass/uni -r lastaoeladder.com:80 -d %h:%p -H "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)\n"
Host *_tunneluni_connect-home-architect
    ProxyCommand proxytunnel -p proxy.student.otago.ac.nz:3128 -F ~/.ssh/http_proxy_pass/uni -r lastaoeladder.com:443 -d %h:%p -H "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)\n"

# Hops through another ssh alias: the local client opens a session to the named
# alias and runs nc there to relay the connection to %h:%p, so nc must be
# installed on that host. The named alias is itself resolved through this file,
# which is how multi-hop chains are built.
# NOTE(review): the target below starts with "_". Because "*" also matches the
# empty string, that alias matches this same stanza, so the ProxyCommand would
# invoke itself. Probably meant vyatta_creative_connect-home-creative - confirm.
Host *_vyatta_creative_connect-home-creative
    ProxyCommand ssh _vyatta_creative_connect-home-creative nc %h %p
Host *_creative_connect-home-creative
    ProxyCommand ssh creative_connect-home-creative nc %h %p
# NOTE(review): "creatxve" looks like a typo for "creative"; as written this
# pattern does not match *_architect_connect-home-creative aliases - confirm.
Host *_architect_connect-home-creatxve
    ProxyCommand ssh architect_connect-home-creative nc %h %p
Host *_vyatta_connect-home-creative
    ProxyCommand ssh vyatta_connect-home-creative nc %h %p
Host *_connect-aphorism
    ProxyCommand nc -X connect -x proxy.cruft.co.nz:8080 %h %p
Host *_connect-home-creative
    ProxyCommand nc -X connect -x lastaoeladder.com:80 %h %p
# NOTE(review): same leading-underscore question as for the
# *_vyatta_creative_connect-home-creative stanza - confirm the target alias.
Host *_vyatta_creative_connect-home-architect
    ProxyCommand ssh _vyatta_creative_connect-home-architect nc %h %p
Host *_creative_connect-home-architect
    ProxyCommand ssh creative_connect-home-architect nc %h %p
Host *_architect_connect-home-architect
    ProxyCommand ssh architect_connect-home-architect nc %h %p
Host *_vyatta_connect-home-architect
    ProxyCommand ssh vyatta_connect-home-architect nc %h %p
Host *_connect-home-architect
    ProxyCommand nc -X connect -x lastaoeladder.com:443 %h %p
# NOTE(review): corkscrew normally takes the proxy host and port as two
# separate arguments (corkscrew <proxy> <port> %h %p); check that
# "lastaoeladder.com:443" passed as one argument works with the installed
# version.
Host *_corkscrew_home_architect
    ProxyCommand corkscrew lastaoeladder.com:443 %h %p
Host *_home-creative-slave
    ProxyCommand ssh home-creative-slave nc %h %p
Host *_home-creative
    ProxyCommand ssh home-creative nc %h %p
Host *_home-architect
    ProxyCommand ssh home-architect nc %h %p
Host *_vyatta_creative
    ProxyCommand ssh vyatta_creative nc %h %p
Host *_creative
    ProxyCommand ssh creative nc %h %p
Host *_vyatta_architect
    ProxyCommand ssh vyatta_architect nc %h %p
Host *_architect
    ProxyCommand ssh architect nc %h %p
Host *_blackbeard_vyatta
    ProxyCommand ssh blackbeard_vyatta nc %h %p
Host *_headunit_vyatta
    ProxyCommand ssh headunit_vyatta nc %h %p
Host *_2headunit_vyatta
    ProxyCommand ssh 2headunit_vyatta nc %h %p
# -W %h:%p makes the ssh session to the jump host forward stdio to the target
# itself, so nc is not needed on that host. Both forms appear in this file.
Host *_jenkins
    ProxyCommand ssh jenkins -W %h:%p
Host *_barcoder
    ProxyCommand ssh barcoder -W %h:%p
Host *_gumboots
    ProxyCommand ssh gumboots -W %h:%p
Host *_godel
    ProxyCommand ssh godel -W %h:%p
Host *_vyatta
    ProxyCommand ssh vyatta -W %h:%p
Host *_blackbeard
    ProxyCommand ssh blackbeard nc %h %p
Host *_headunit
    ProxyCommand ssh headunit nc %h %p
Host *_2headunit
    ProxyCommand ssh 2headunit nc %h %p
Host *_fleury
    ProxyCommand ssh fleury nc %h %p
Host *_crocodile
    ProxyCommand ssh crocodile nc %h %p
Host *_mihawk
    # Earlier nc-based form, kept for reference; the -W form below is active.
    #ProxyCommand ssh mihawk nc %h %p
    ProxyCommand ssh mihawk -W %h:%p
Host *_usopp
    ProxyCommand ssh usopp -W %h:%p
Host *_zee
    ProxyCommand ssh zee nc %h %p
Host *_chopper
    ProxyCommand ssh chopper nc %h %p
Host *_krieg
    ProxyCommand ssh krieg nc %h %p
Host *_ace
    ProxyCommand ssh ace nc %h %p
Host *_luffy
    ProxyCommand ssh luffy nc %h %p
Host *_hook
    ProxyCommand ssh hook nc %h %p
Host *_sanji
    ProxyCommand ssh sanji nc %h %p
Host *_davyjones
    ProxyCommand ssh davyjones nc %h %p

Ignore key

I also like to use the underscore notation to enable additional options.

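Place the following near the end of ~/.ssh/config. It turns off host key verification for every alias that matches these patterns, so a spoofed or man-in-the-middle host will not be noticed on those connections.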

# Aliases containing "_ignore" or ending in "_other" skip host key
# verification: unknown host keys are accepted without a prompt, and nothing is
# remembered because the user known_hosts file is redirected to /dev/null.
# NOTE(review): with these two settings a man-in-the-middle on the path is not
# detected. Keep the suffix for throwaway or frequently re-imaged hosts only.
# The "Host *" defaults on this page set ForwardAgent yes, so the agent would
# also be forwarded to the unverified endpoint; consider adding
# "ForwardAgent no" to this stanza.
Host *_ignore* *_other
    StrictHostKeychecking no
    UserKnownHostsfile /dev/null

Defaults should be at the end

# Catch-all defaults. ssh keeps the first value it obtains for each keyword, so
# this stanza sits last and only fills in what the more specific stanzas
# earlier in the file did not set.
Host *
    # LogLevel VERBOSE
    # Setting StrictHostKeyChecking to "no" is dangerous. It means I'm not
    # checking for potential man-in-the-middle spoofing attacks
    # /home/shane/ws/ssh/ingore-the-authenticity-of-host-hostname-cant-be-established.txt
    #StrictHostKeyChecking no

    #SendEnv LSCOLORS
    # Never prompt for a password or passphrase; the connection fails instead.
    BatchMode yes
    IdentityFile ~/.ssh/ids/default.pem
    Compression yes
    # NOTE(review): as a default this forwards the local agent to every host,
    # including each jump host and the *_ignore / *_other aliases whose host
    # key is not verified. Anyone with root on such a host can use the loaded
    # keys while the session is open. The ProxyCommand hops on this page are
    # authenticated by the local client and do not need it; consider
    # "ForwardAgent no" here and enabling it per host where it is required.
    ForwardAgent yes
    # Liveness is checked with in-channel server-alive messages rather than TCP
    # keepalives: one probe every 5 seconds, disconnect after 3 unanswered.
    TCPKeepAlive no
    ServerAliveInterval 5
    #ServerAliveInterval 30 #default 0 (off)
    ServerAliveCountMax 3
    # Left disabled: the list consists of legacy ciphers (arcfour, CBC modes)
    # that current OpenSSH releases no longer offer by default.
    #Ciphers arcfour,blowfish-cbc,aes128-cbc,3des-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
    #ControlMaster auto
    # We want this as "no" so that we can manually create master sessions
    ControlMaster no
    #ControlPersist yes
    # Sessions reuse a master socket at this path when one exists.
    # NOTE(review): anyone who can open a socket under ~/.ssh/master can reuse
    # the authenticated session; keep that directory mode 700.
    ControlPath ~/.ssh/master/%r@%h:%p
    ForwardX11 no
    ForwardX11Trusted no
    Port 22