...
```
Match Host *.essex.ac.uk
    Include ~/.ssh/ch_config
```
This will match any host in the target domain (essex.ac.uk) and include the contents of the crosshackle include file (~/.ssh/ch_config), which needs to contain the following:
```
# crosshackle include file for domain essex.ac.uk
# we only get here if host matching *.essex.ac.uk

# check if we need a new cert
Match Host !sshca.*,!sshenrol.*,* !exec "%d/.ssh/signkey %d/.ssh/id_ed25519_essex.ac.uk bret@sshca.essex.ac.uk"
    # if exit code was 1, create some fake settings to blow this
    # connection out of the water
    GlobalKnownHostsFile /dev/null
    UserKnownHostsFile /dev/null
    StrictHostKeyChecking yes
    ConnectTimeout 1

# check if we need to route through the gateway
Match Host !sshgw.*,!sshca.*,!sshenrol.*,* !exec "ssh-keyscan -T 1 %h >%d/.ssh/junk 2>&1"
    ProxyJump bret@sshgw.essex.ac.uk

# otherwise, use the defaults - if you need to override these
# do this in the main config before this include file is called
Host *
    User bret
    IdentityFile ~/.ssh/id_ed25519_essex.ac.uk
    ForwardAgent yes
```
Assuming that the client attempts to connect to host foo.essex.ac.uk (using an implicit or explicit username), OpenSSH (be that ssh, scp, sftp, etc.) will run through each of the active configuration stanzas. These do the following:
...
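A small model of how the stanzas in the include file resolve for a given host, added here as an illustration and not part of the original page or of crosshackle itself. Nothing is executed: the exit codes of the `signkey` and `ssh-keyscan` helpers are passed in as simulated values, and `host_matches`, `STANZAS` and `resolve` are names invented for this example.

```python
from fnmatch import fnmatchcase  # close enough to ssh_config '*' and '?' wildcards

def host_matches(host, pattern_list):
    """ssh_config pattern-list: a negated hit vetoes; otherwise one positive hit is needed."""
    pats = pattern_list.split(",")
    if any(p.startswith("!") and fnmatchcase(host, p[1:]) for p in pats):
        return False
    return any(not p.startswith("!") and fnmatchcase(host, p) for p in pats)

# (host pattern-list, helper behind the !exec test or None, options the stanza sets)
STANZAS = [
    ("!sshca.*,!sshenrol.*,*", "signkey", {
        "GlobalKnownHostsFile": "/dev/null", "UserKnownHostsFile": "/dev/null",
        "StrictHostKeyChecking": "yes", "ConnectTimeout": "1"}),
    ("!sshgw.*,!sshca.*,!sshenrol.*,*", "ssh-keyscan", {
        "ProxyJump": "bret@sshgw.essex.ac.uk"}),
    ("*", None, {
        "User": "bret", "IdentityFile": "~/.ssh/id_ed25519_essex.ac.uk",
        "ForwardAgent": "yes"}),
]

def resolve(host, exit_codes):
    """Return (options, helpers_run) for host.

    exit_codes maps helper name -> simulated exit status (0 = success, the default).
    """
    options, ran = {}, []
    if not host_matches(host, "*.essex.ac.uk"):   # outer Match guarding the Include
        return options, ran
    for patterns, helper, settings in STANZAS:
        if not host_matches(host, patterns):
            continue                               # exec is skipped once the host test fails
        if helper is not None:
            ran.append(helper)
            if exit_codes.get(helper, 0) == 0:     # !exec is true only on a non-zero exit
                continue
        for key, value in settings.items():
            options.setdefault(key, value)         # first value obtained for an option wins
    return options, ran
```

On a real client, `ssh -G foo.essex.ac.uk` prints the options OpenSSH actually resolves, running the `exec` helpers as it evaluates the Match lines.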