Have you experienced the glory of RTFMing (reading the fantastic manual) for SSH? The options alone will astound you. Even after using SSH seriously for almost 20 years, I still feel like I'm just scratching the surface. Over the years I've learned a few tricks (reverse proxy, etc.), but I'm not going to go into that. I just want to go over a few basic things that are super handy for working on VMs in the cloud.
For the love of all that is holy: use the SSH Config File!
You know those private key files that OpenStack or your favorite cloud provider requires you to use to log into the VMs you just created? Well, logging into them goes something like this:
ssh -i ~/.ssh/cassandra.pem email@example.com
This is just madness. How do you even remember that? Every time you have to log in you have to connect multiple neurons in the brain. That's no good, my friends. Make it easy on yourself. Use the SSH config file.
On my Mac I create a file called config inside the ~/.ssh directory. In this file we place something like the following:
Host cass-test
    User core
    Hostname 10.93.234.92
    IdentityFile ~/.ssh/cassandra.pem
Now all I have to do to log into this server is run ssh with the host alias cass-test in place of the key file and address.
And boom! I'm on my Cassandra test server. Way easier.
Bastion Host Jumping
Suppose you have a pristine bastion host in the cloud. Behind this host is another host that is your management host, or build host. For example, when we install Kubernetes in a private network behind a cloud, we keep the bastion host clean and do work from a management host. This is more secure as there is no additional software on the bastion host.
However, I'll usually run Ansible scripts from my laptop that need to communicate with the host behind the firewall. You know what sucks? It's having to SSH twice every time to get to that host. But do not fret, the SSH config file is here once again to save your sorry sauce and help you out.
On my Mac I do this by creating a file called ~/.ssh/config and I put all my hosts in there. Here is a sample:
Host jump.amster
    User cloud-user
    IdentityFile ~/.ssh/amsterdam-blockchain.pem
    Hostname 173.xx.xx.xx

Host amster
    User cloud-user
    IdentityFile ~/.ssh/amsterdam-blockchain.pem
    Hostname 10.0.0.6
    ProxyCommand ssh -W %h:%p jump.amster
Now, if I want to go to the amster server (which lives in the private 10.0.0.x address space), I can just run ssh with the alias amster.
That will take me to that server. Why? Because I used ProxyCommand to proxy through the jump host. Notice that the private key (in this case amsterdam-blockchain.pem) only lives on your local machine and does not need to live on the jump host (jump.amster).
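The same two hosts written with ProxyJump, which OpenSSH 7.3 and later accept in place of ProxyCommand ssh -W, plus two settings that keep the key handling as described above. This is an added example, not part of the original post; the host names, user and key path are the ones from the sample, and the IdentitiesOnly and ForwardAgent lines are additions.

```sshconfig
# Added example: ~/.ssh/config using ProxyJump instead of ProxyCommand.
# The 173.xx.xx.xx address is elided in the original post and left as-is.

Host jump.amster
    User cloud-user
    Hostname 173.xx.xx.xx
    IdentityFile ~/.ssh/amsterdam-blockchain.pem
    # Offer only the key named above, not every key loaded in the agent.
    IdentitiesOnly yes
    # Never expose the local agent on the bastion (this is the default;
    # stated explicitly so a later "Host *" block cannot turn it on).
    ForwardAgent no

Host amster
    User cloud-user
    Hostname 10.0.0.6
    IdentityFile ~/.ssh/amsterdam-blockchain.pem
    IdentitiesOnly yes
    ForwardAgent no
    # Equivalent to: ProxyCommand ssh -W %h:%p jump.amster
    # The bastion only relays the TCP stream; authentication to 10.0.0.6
    # happens end to end from the laptop, so the key stays local.
    ProxyJump jump.amster

# Check what ssh will actually use for a host, without connecting:
#   ssh -G amster
# The output lists the resolved hostname, user, identityfile and
# proxyjump values after all Host blocks have been evaluated.
```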