Have you experienced the glory of RTFMing (reading the fantastic manual) for SSH?  The options alone will astound you.  Even after using SSH seriously for almost 20 years I still feel like I'm just scratching the surface.  Over the years I've learned a few tricks (reverse proxy, etc.), but I'm not going to go into those here.  I just want to go over a few basic things that are super handy for working on VMs in the cloud.

For the love of all that is holy: use the SSH Config File!

You know those private key files that OpenStack or your favorite cloud provider requires you to use to log into the VMs you just created?  Well, logging into them goes something like this:

ssh -i ~/.ssh/cassandra.pem core@10.93.234.92

This is just madness.  How do you even remember that?  Every time you have to log in you have to connect multiple neurons in the brain.  That's no good, my friends.  Make it easy on yourself.  Use the SSH config file.

On my Mac, inside of the ~/.ssh directory, I create a file called config.  In this file we place something like the following:

Host cass-test
  User core
  Hostname 10.93.234.92
  IdentityFile ~/.ssh/cassandra.pem

Now all I have to do to log into this server is:

ssh cass-test

And Boom!  I'm on my Cassandra test server.  Way easier.

Bastion Host Jumping

Suppose you have a pristine bastion host in the cloud.  Behind this host is another host that is your management host, or build host.  For example, when we install Kubernetes in a private network behind a cloud, we keep the bastion host clean and do work from a management host.  This is more secure as there is no additional software on the bastion host.

However, I'll usually run Ansible scripts from my laptop that need to communicate with the host behind the firewall.  You know what sucks?  It's having to SSH twice every time to get to that host.  But do not fret, the SSH config file is here once again to save your sorry sauce and help you out.

On my Mac I do this by creating a file called ~/.ssh/config and I put all my hosts in there.  Here is a sample:

Host jump.amster
  User cloud-user
  IdentityFile ~/.ssh/amsterdam-blockchain.pem
  Hostname 173.xx.xx.xx
Host amster
  User cloud-user
  IdentityFile ~/.ssh/amsterdam-blockchain.pem
  Hostname 10.0.0.6
  ProxyCommand ssh -W %h:%p jump.amster

Now, if I want to go to the amster server (which lives in the private 10.0.0.x address space) I can just do:

ssh amster

That will take me to that host.  Why?  Cause I used ProxyCommand to proxy through the jump host.  Notice that the private key (in this case amsterdam-blockchain.pem) only lives on your local machine and does not need to live on the jump host (jump.amster).

Awesome.
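
A check worth running against config files like the ones above, as an added example that is not from the original post: ssh ignores a private key whose file is accessible to group or others, and a downloaded .pem often is.  The names audit_ssh_config and demo, and the throwaway key file, are assumptions made for illustration; the parser only handles the simple "Keyword value" layout used on this page.

```shell
# Added example: audit the IdentityFile entries in an OpenSSH client config.
# Assumes one alias per Host line, no "=" syntax, no spaces in paths, no Match/Include.
audit_ssh_config() {
    cfg=${1:-$HOME/.ssh/config}
    awk '
        function emit() { if (host != "") print host, (key == "" ? "-" : key), via }
        { kw = tolower($1) }                      # keywords are case-insensitive
        kw == "host"         { emit(); host = $2; key = ""; via = "direct" }
        kw == "identityfile" { key = $2 }
        kw == "proxycommand" || kw == "proxyjump" { via = "proxied" }
        END { emit() }
    ' "$cfg" |
    while read -r host key via; do
        path=$key
        case $key in "~/"*) path=$HOME/${key#??} ;; esac   # expand leading ~/
        if [ "$key" = "-" ]; then
            status=NOKEY
        elif [ ! -f "$path" ]; then
            status=MISSING
        elif [ "$(ls -Lld "$path" | cut -c5-10)" = "------" ]; then
            status=OK            # no group/other permission bits set
        else
            status=TOO_OPEN      # ssh will refuse to use this key
        fi
        printf '%s %s %s %s\n' "$host" "$status" "$via" "$key"
    done
}

# Constructed demo: a throwaway HOME holding the two hosts from this page.
demo() {
    d=$(mktemp -d) && mkdir "$d/.ssh" || return 1
    printf 'constructed placeholder, not a real key\n' > "$d/.ssh/amsterdam-blockchain.pem"
    chmod "${1:-644}" "$d/.ssh/amsterdam-blockchain.pem"
    cat > "$d/.ssh/config" <<'EOF'
Host jump.amster
  User cloud-user
  IdentityFile ~/.ssh/amsterdam-blockchain.pem
  Hostname 173.xx.xx.xx
Host amster
  User cloud-user
  IdentityFile ~/.ssh/amsterdam-blockchain.pem
  Hostname 10.0.0.6
  ProxyCommand ssh -W %h:%p jump.amster
EOF
    ( HOME=$d; audit_ssh_config "$d/.ssh/config" )
    rm -rf "$d"
}
demo 644   # typical mode of a file downloaded under umask 022
demo 600   # after: chmod 600 ~/.ssh/amsterdam-blockchain.pem
```

Run audit_ssh_config with no arguments to check your own ~/.ssh/config; any TOO_OPEN line is fixed with chmod 600 on the listed key.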