How to automatically switch ssh configuration based on local subnet?

Question

How to automatically switch ssh configuration based on local subnet?

When I am on a specific network (subnet 10.10.11.x), I need to jump over the intermediate host in order to reach my destination due to the destination port, which I cannot change, and the limited ports on which I can leave the limited network. I successfully use ssh configuration:

Host web-direct web HostName web.example.com Port 1111 Host web-via-jump jweb HostName web.example.com Port 1111 ForwardAgent yes ProxyCommand ssh -p 110 -q relay.example.com nc %h %p

Going through jumpers is a significant hit on performance, so I need to avoid it in most cases when it is not needed. Switching the ssh / scp / rsync host alias is good for interactive use, but there are some automated / script tasks that are very painful.

My shell remains open during network transitions, so the startup mechanisms (.zshrc) do not help.

I was thinking of running a script to poll a limited subnet and automate the switch by modifying the .ssh / config file, but I'm not even sure that there will be a problem with caching. Before implementing this, I thought to ask if there is a better approach.

What is the best approach to replace ssh configuration based on discovering the source host subnet?

In the pseudo-config, something like:

 if <any-active-local-interface> is on 10.10.11.x: Host web HostName web.example.com Port 1111 ForwardAgent yes ProxyCommand ssh -p 110 -q relay.example.com nc %h %p else: Host web HostName web.example.com Port 1111 endif

+7

ssh

Mike Nov 22 '16 at 16:03

source share

3 answers

I use the following function to do this:

 function ssh() { network=`networksetup -getairportnetwork en0 | cut -d: -f2 | tr -d [:space:]` if [ -n "$network" -a -f $HOME/.ssh/config.$network ]; then /usr/bin/ssh -F $HOME/.ssh/config.$network " $@ " else /usr/bin/ssh " $@ " fi } export -f ssh

Therefore, I must have a separate configuration file for each Wi-Fi network in which I want my own solution. It works for me right now, but it is ugly, so I could recommend it only as an idea, not as the best solution.
We will be happy to know a solution better.

0

Fedor Dikarev Nov 22 '16 at 16:36

source share

Based on Fedor Dikarev’s answer , Mike created a bash script called onsubnet :

 #!/usr/bin/env bash if [[ "$1" == "--help" ]] || [[ "$1" == "-h" ]] || [[ "$1" == "" ]] ; then printf "Usage:\n\tonsubnet [ --not ] partial-ip-address\n\n" printf "Example:\n\tonsubnet 10.10.\n\tonsubnet --not 192.168.0.\n\n" printf "Note:\n\tThe partial-ip-address must match starting at the first\n" printf "\tcharacter of the ip-address, therefore the first example\n" printf "\tabove will match 10.10.10.1 but not 110.10.10.1\n" exit 0 fi on=0 off=1 if [[ "$1" == "--not" ]] ; then shift on=1 off=0 fi regexp="^$(sed 's/\./\\./g' <<<"$1")" if [[ "$(uname)" == "Darwin" ]] ; then ifconfig | fgrep 'inet ' | fgrep -v 127.0.0. | cut -d ' ' -f 2 | egrep "$regexp" >/dev/null else hostname -I | tr -s " " "\012" | fgrep -v 127.0.0. | egrep "$regexp" >/dev/null fi if [[ $? == 0 ]]; then exit $on else exit $off fi

Then in his .ssh / config file it uses something like:

 Match exec "onsubnet 10.10.1." host my-server HostName web.example.com Port 1111 ForwardAgent yes ProxyCommand ssh -p 110 -q relay.example.com nc %h %p Match exec "onsubnet --not 10.10.1." host my-server HostName web.example.com Port 1111

0

Michael Mar 28 '19 at 12:45

source share

Jakuje · Accepted Answer · 2016-11-22T16:43:23+0000

It is possible to use Match exec to execute certain commands so that you can write something like this:

 Match exec "hostname -I | grep -F 10.10.11." host web ForwardAgent yes ProxyCommand ssh -p 110 -q relay.example.com nc %h %p Host web HostName web.example.com Port 1111

How to automatically switch ssh configuration based on local subnet?

More articles: