Hello everyone,

my workplace has gotten the idea of centrally maintaining a file in ssh_config syntax so that employees do not need to discover every new machine and configure it on their own. Since it's a case of "let's get started now, and properly think it through later", right now, a typical entry might look like
Host [product]-[Customer]
    Hostname [privateIP]
    user [primaryAccount]
    ProxyCommand nc -x 127.0.0.1:2124 -X 5 %h %p
(with the parts in [] varying from one machine to the next) - and if you know how disparate the options of "nc"/netcat can look from one distrib to the next, you'll immediately know why this suggestion has me concerned. :-}
I suppose that *this* particular instance of the problem can be mostly fixed, either by switching to "ProxyJump" (referring to a config entry that every user maintains himself) or with a wrapper script¹, but it has me wondering: Are there plans, or even better already-implemented mechanisms, that would allow entries in (global) config files to "inherit"² single config lines preset in another (individual) config file?
¹ Note that as of now, the names do *not* include which platform the machine is running on, but the proper proxying depends on that. So, no using "Host" blocks with patterns unless I can get everyone to use *my* host-naming style. :-/
² Please take the term with a planetoid of salt. I do not have a preference whether it should be, or act like, "inheritance" like in Nagios object configs, "includes", "variables", "templates", or whatever. :-3
³ Yes, I suppose that providing just the main data - name, IP, user, port (if nonstandard) and which proxy to use - from a central source and individually turning that into an ssh_config with some preprocessor could also prove a powerful solution here ...
Thanks in advance,
--
Jochen Bern
Systemingenieur
Binect GmbH
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
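The preprocessor idea from footnote ³, sketched as an added example (not code from the post or from OpenSSH): the central source carries only data, the proxy line comes from a per-user table, and every central field is validated so the shared file cannot smuggle a ProxyCommand or other directive onto workstations. The five-column record layout, the proxy class names "socks" and "jump", and the host "my-bastion" are assumptions.

```python
import ipaddress
import re

# Constructed sample of the centrally maintained data (name, IP, user, port, proxy class).
CENTRAL = """\
shop-acme 10.1.2.3 deploy 22 socks
mail-globex 10.4.5.6 admin 2222 jump
"""

# Per-user table: how *this* workstation reaches each proxy class (values are assumptions).
LOCAL_PROXIES = {
    "socks": "ProxyCommand nc -x 127.0.0.1:2124 -X 5 %h %p",
    "jump": "ProxyJump my-bastion",
}

TOKEN = re.compile(r"[A-Za-z0-9._-]+\Z")  # no whitespace, quotes or shell metacharacters


def render(central, local_proxies):
    """Turn central host records into ssh_config text using locally defined proxy lines."""
    blocks = []
    for lineno, line in enumerate(central.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 5:
            raise ValueError(f"line {lineno}: expected 5 fields, got {len(fields)}")
        name, ip, user, port, proxy = fields
        # The central file supplies data only; anything that is not a plain token is rejected.
        for label, value in (("name", name), ("user", user), ("proxy", proxy)):
            if not TOKEN.match(value):
                raise ValueError(f"line {lineno}: bad {label} {value!r}")
        ipaddress.ip_address(ip)  # raises ValueError on anything but an IP literal
        if not (port.isdigit() and 0 < int(port) < 65536):
            raise ValueError(f"line {lineno}: bad port {port!r}")
        if proxy not in local_proxies:
            raise ValueError(f"line {lineno}: no local definition for proxy {proxy!r}")
        block = [f"Host {name}", f"    Hostname {ip}", f"    User {user}"]
        if int(port) != 22:
            block.append(f"    Port {port}")
        block.append(f"    {local_proxies[proxy]}")  # command text comes from the local table only
        blocks.append("\n".join(block))
    return "\n\n".join(blocks) + "\n"


if __name__ == "__main__":
    print(render(CENTRAL, LOCAL_PROXIES), end="")
```

The generated file can be pulled into a personal ~/.ssh/config with the Include keyword (OpenSSH 7.3 and later).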