Linux – ssh tunneling with hostname in /etc/hosts file

linuxmac-osxsshssh-tunnel

I am trying to ssh to destination host via a jump box. Below is my config file entry

Host 172.* 
   User surendra
   IdentityFile ~/.ssh/id_rsa
   ProxyCommand ssh -q -A surendra@jump nc -q0 %h %p

This works fine when I SSH to destination box with IP address. But when i am trying to SSH with hostname this will not work.

Note: I made an entry in my /etc/hosts file as well.

Can someone please help how to configure the .ssh/config file so that i can ssh to destination box using the hostname by looking the hostname entry in my /etc/hosts file.

Best Answer

Use the -W:

Match exec grep %h /etc/hosts
    [...]
    ProxyCommand ssh -W  %h:%p -q -A surendra@jump

It will resolve the hostnames from your local machine and not from the jumpbox.

It will also check if your host is mentioned in the /etc/hosts.

Related Solutions

Ssh – How to automate SSH login with password

Don't use a password. Generate a passphrase-less SSH key and push it to your VM.

If you already have an SSH key, you can skip this step… Just hit Enter for the key and both passphrases:

$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.

Copy your keys to the target server:

$ ssh-copy-id id@server
id@server's password:

Now try logging into the machine, with ssh 'id@server', and check-in:

.ssh/authorized_keys

Note: If you don't have .ssh dir and authorized_keys file, you need to create it first

to make sure we haven’t added extra keys that you weren’t expecting.

Finally, check to log in…

$ ssh id@server

id@server:~$

You may also want to look into using ssh-agent if you want to try keeping your keys protected with a passphrase.

Linux – Should /etc/hosts contain an entry like ‘127.0.0.1 localhost thehost.example.org thehost’

Are you willing to accept working DNS a point of failure in your environment or not. Some services/applications will fail in certain configurations if a system cannot resolve the local machine's name.

If you have an absolutely critical service that must be running in all situations, it isn't unusual to add a an entry in the hosts file so that service can continue to operate in the situation where DNS resolution fails.

If you can accept your DNS as a point of failure, or if your services don't fail in the case of broken resolution, configuration entries in the hosts file can be avoided.

I strongly suggest you make your DNS servers as rock solid as possible, and if you must configure your hosts file, use a configuration management system to do it. You really should avoid manually avoid touch a hosts file.

Best Answer

Related Solutions

Ssh – How to automate SSH login with password

Linux – Should /etc/hosts contain an entry like ‘127.0.0.1 localhost thehost.example.org thehost’

Related Topic