4

I'm have configured a bastion or (jump) box to access a virtual private network.

#ssh_config
Host bastion
HostName 14.90.140.120
User me
IdentityFile ~/.ssh/me
ForwardAgent yes

Host 10.1.*
User me
IdentityFile ~/.ssh/me
ProxyCommand ssh bastion -W %h:%p

I am able to ssh into both the bastion and 10.1.1.6 address with no issues.

What I would like to be to do is add an entry like the following. Note: I have not time for DNS at the moment, but it would be my preferred approach.

#/etc/hosts
10.1.1.6    my-host-inside-vpc.corp.internal

When I do that however and try to access the machine I get the following

➜  ~ ssh -vvv my-host-inside-vpc.corp.internal
     debug1: Reading configuration data /home/me/.ssh/config
     debug1: /etc/ssh/ssh_config line 19: Applying options for *
     debug2: ssh_connect: needpriv 0
     debug1: Connecting to my-host-inside-vpc.corp.internal [10.1.1.6] port 22.

At this point the operation times out.

bearrito
  • 380
  • 3
  • 16

1 Answers1

5

The Host matches the name you use when you connect, not the ip after dns resolution.

Try using Host *corp.internal instead.

Per our discussion in the comments if you want to use the symbolic names, yet are required to resolve them to IPs for the bastion host, then you could use a sub-expressionist in the ProxyCommand like this.

ProxyCommand ssh bastion -W $(getent hosts $h | cut -d " " -f1):%p
Zoredache
  • 130,897
  • 41
  • 276
  • 420
  • Triad that and I now receive - Executing proxy command: exec ssh bastion -W my-host-inside-vpc.corp.internal:22 ...... debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8 channel 0: open failed: administratively prohibited: open failed ssh_exchange_identification: Connection closed by remote host – bearrito Sep 06 '16 at 20:12
  • Is it possible to resolve and expand the ip in the ProxyCommand? – bearrito Sep 06 '16 at 20:17
  • Stuff in the proxycommand is a command. You could possibly put in something like `ProxyCommand ssh bastion -W $(getent hosts %h):%p`. I haven't tested that though. Basically just figure out a shell expression that will resolve the name and return the IP from the subexpression. – Zoredache Sep 06 '16 at 21:28
  • I added the following to extract the ip getent hosts $h | cut -d " " -f1. If you add as an answer I will accept. – bearrito Sep 07 '16 at 13:23
  • Ok, I have updated. – Zoredache Sep 07 '16 at 18:06