A transparent wrapper that adds regex, aliases, gateways, includes, dynamic hostnames to SSH.
Advanced SSH config is wrapped in lib-ssh as a ProxyCommand, which means that it works seamlessly with:
- ssh
- scp
- rsync
- git
- Desktop applications depending on lib-ssh or ssh (e.g. Tower, Atom.io, SSH Tunnel Manager)
Features:
- regex support
- aliases: gate -> gate.domain.tld
- gateways -> transparent ssh connection chaining
- includes: split configuration in multiple files
- local command execution: finally the reverse of RemoteCommand
- templates: equivalent to host but you can't connect directly to a template, perfect for inheritance
- inheritance: make hosts inherit from other hosts or templates
- variable expansion: resolve variables from environment
- smart proxycommand: RAW tcp connection when possible with netcat and socat as default fallbacks
Connect to hosta using hostb as a gateway.
    $ ssh hosta/hostb
    user@hosta $
Equivalent to ssh -o ProxyCommand="ssh hostb nc %h %p" hosta
Connect to hosta using hostb as a gateway using hostc as a gateway.
    $ ssh hosta/hostb/hostc
    user@hosta $
Equivalent to ssh -o ProxyCommand="ssh -o ProxyCommand='ssh hostc nc %h %p' hostb nc %h %p" hosta
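The two equivalences above generalize to any chain length. As an added example (not assh's own code), this Python code expands a target/gateway/... spec into the nested ProxyCommand, quoting each level with shlex; the host-name pattern and the function names are assumptions of the example.

```python
import re
import shlex

# Conservative host-alias pattern (an assumption of this example): the names end up
# inside a shell command line, so reject metacharacters and a leading "-" (option).
_HOST = re.compile(r"[A-Za-z0-9_][A-Za-z0-9._-]*")


def split_chain(spec):
    """'hosta/hostb/hostc' -> ('hosta', ['hostb', 'hostc'])."""
    target, *gateways = spec.split("/")
    for name in (target, *gateways):
        if not _HOST.fullmatch(name):
            raise ValueError(f"unsafe host name: {name!r}")
    return target, gateways


def proxy_command(gateways):
    """Nested ProxyCommand value for a gateway list, nearest gateway first."""
    if not gateways:
        return None
    inner = proxy_command(gateways[1:])
    # Each extra hop is one more level of shell quoting around the inner command.
    opt = f"-o ProxyCommand={shlex.quote(inner)} " if inner else ""
    return f"ssh {opt}{gateways[0]} nc %h %p"


def equivalent_argv(spec):
    """argv of the plain ssh invocation that the gateway spec stands for."""
    target, gateways = split_chain(spec)
    cmd = proxy_command(gateways)
    return ["ssh"] + (["-o", f"ProxyCommand={cmd}"] if cmd else []) + [target]


if __name__ == "__main__":
    for spec in ("hosta", "hosta/hostb", "hosta/hostb/hostc"):
        print(spec, "->", equivalent_argv(spec))
```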
- Automatically regenerates ~/.ssh/config file when needed
- Inspect parent process to determine log level (if you use ssh -vv, assh will automatically be run in debug mode)
- Automatically creates ControlPath directories so you can use slashes in your ControlPath option
The ~/.ssh/config file is now managed by assh, take care to keep a backup of your ~/.ssh/config file.
~/.ssh/assh.yml is a YAML file containing:
- a hosts dictionary containing multiple HOST definitions
- a defaults section containing global flags
- and an includes section containing paths to other configuration files
hosts:

  homer:
    # ssh homer ->  ssh 1.2.3.4 -p 2222 -u robert
    HostName: 1.2.3.4
    User: robert
    Port: 2222

  bart:
    # ssh bart ->   ssh 5.6.7.8 -u bart           <- direct access
    #            or ssh 5.6.7.8/homer -u bart     <- using homer as a gateway
    HostName: 5.6.7.8
    User: bart
    Gateways:
    - direct                   # tries a direct access first
    - homer                    # fallback on homer gateway

  maggie:
    # ssh maggie ->   ssh 5.6.7.8 -u maggie       <- direct access
    #              or ssh 5.6.7.8/homer -u maggie <- using homer as a gateway
    User: maggie
    Inherits:
    - bart                     # inherits rules from "bart"

  bart-access:
    # ssh bart-access ->  ssh home.simpson.springfield.us -u bart
    Inherits:
    - bart-template
    - simpson-template

  lisa-access:
    # ssh lisa-access ->  ssh home.simpson.springfield.us -u lisa
    Inherits:
    - lisa-template
    - simpson-template

  schooltemplate:
    User: student
    IdentityFile: ~/.ssh/school-rsa
    ForwardX11: yes

  schoolgw:
    # ssh school ->   ssh gw.school.com -l student -o ForwardX11=no -i ~/.ssh/school-rsa
    Hostname: gw.school.com
    ForwardX11: no
    Inherits:
    - schooltemplate

  "expanded-host[0-7]*":
    # ssh somehost2042 ->       ssh somehost2042.some.zone
    HostName: "%h.some.zone"

  vm-*.school.com:
    # ssh vm-42.school.com ->   ssh vm-42.school.com/gw.school.com -l student -o ForwardX11=yes -i ~/.ssh/school-rsa
    Gateways:
    - schoolgw
    Inherits:
    - schooltemplate

  "*.scw":
    # ssh toto.scw -> 1. dynamically resolves the IP address
    #                 2. ssh {resolved ip address} -u root -p 22 -o UserKnownHostsFile=null -o StrictHostKeyChecking=no
    # requires github.com/scaleway/scaleway-cli
    ResolveCommand: /bin/sh -c "scw inspect -f {{.PublicAddress.IP}} server:$(echo %h | sed s/.scw//)"
    User: root
    Port: 22
    UserKnownHostsFile: /dev/null
    StrictHostKeyChecking: no

  my-env-host:
    User: user-$USER
    HostName: ${HOSTNAME}${HOSTNAME_SUFFIX}

templates:
  # Templates are similar to Hosts, you can inherits from them
  # but you cannot ssh to a template
  bart-template:
    User: bart
  lisa-template:
    User: lisa
  simpson-template:
    Host: home.simpson.springfield.us

defaults:
  # Defaults are applied to each hosts
  ControlMaster: auto
  ControlPath: ~/tmp/.ssh/cm/%h-%p-%r.sock
  ControlPersist: yes
  Port: 22
  User: bob

includes:
- ~/.ssh/assh.d/*.yml
- /etc/assh.yml
- $ENV_VAR/blah-blah-*/*.yml
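An added example, not part of assh: it resolves each host's effective options and flags the ones that disable host key verification or forward X11, using a constructed subset of the configuration above written as Python dicts. The precedence (own fields, then Inherits in listed order, then defaults) and the function names are assumptions of the example.

```python
# Constructed sample: a subset of the page's assh.yml written as Python dicts
# (values as strings), so the example needs no YAML library.
CONFIG = {
    "hosts": {
        "schooltemplate": {"User": "student", "IdentityFile": "~/.ssh/school-rsa",
                           "ForwardX11": "yes"},
        "schoolgw": {"Hostname": "gw.school.com", "ForwardX11": "no",
                     "Inherits": ["schooltemplate"]},
        "vm-*.school.com": {"Gateways": ["schoolgw"], "Inherits": ["schooltemplate"]},
        "*.scw": {"User": "root", "Port": "22", "UserKnownHostsFile": "/dev/null",
                  "StrictHostKeyChecking": "no"},
    },
    "templates": {},
    "defaults": {"ControlMaster": "auto", "Port": "22", "User": "bob"},
}

# Effective values worth a second look: host key verification disabled, X11 forwarded.
RISKY = {
    "stricthostkeychecking": {"no", "off"},
    "userknownhostsfile": {"/dev/null"},
    "forwardx11": {"yes"},
}


def effective(config, name, _seen=()):
    """Resolve one entry. Assumed precedence: own fields, Inherits in order, defaults."""
    if name in _seen:
        raise ValueError("inheritance loop: " + " -> ".join(_seen + (name,)))
    pool = {**config.get("templates", {}), **config.get("hosts", {})}
    merged = {k.lower(): v for k, v in pool[name].items()}  # keys are case-insensitive
    for parent in merged.pop("inherits", []):
        for key, value in effective(config, parent, _seen + (name,)).items():
            merged.setdefault(key, value)
    if not _seen:  # apply defaults once, at the top of the recursion
        for key, value in config.get("defaults", {}).items():
            merged.setdefault(key.lower(), value)
    return merged


def audit(config):
    """Return sorted (host, option, value) for every risky effective setting."""
    findings = []
    for host in config.get("hosts", {}):
        for key, value in effective(config, host).items():
            if str(value).lower() in RISKY.get(key, ()):
                findings.append((host, key, value))
    return sorted(findings)
```

On this sample, vm-*.school.com is flagged for the ForwardX11 it inherits from schooltemplate, while schoolgw is not, because its own ForwardX11: no overrides the inherited value.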
A HOST and the defaults section may
assh usage
NAME:
   assh - advanced ssh config
USAGE:
   assh [global options] command [command options] [arguments...]
VERSION:
   2.0.0 (HEAD)
AUTHOR(S):
   Manfred Touron <https://github.com/moul/advanced-ssh-config>
COMMANDS:
   proxy        Open an SSH connection to HOST
   stats        Print statistics
   help, h      Shows a list of commands or help for one command
GLOBAL OPTIONS:
   --debug, -D      Enable debug mode
   --verbose, -V    Enable verbose mode
   --help, -h       show help
   --version, -v    print the version
Get the latest version using GO (recommended way):
go get -u github.com/moul/advanced-ssh-config/cmd/assh
Get the latest version using homebrew (Mac OS X):
brew install https://raw.githubusercontent.com/moul/advanced-ssh-config/master/contrib/homebrew/assh.rb --HEAD
or the latest released version:
brew install https://raw.githubusercontent.com/moul/advanced-ssh-config/master/contrib/homebrew/assh.rb
Get a released version on: https://github.com/moul/advanced-ssh-config/releases
- Back up your old ~/.ssh/config: cp ~/.ssh/config ~/.ssh/config.backup
- Create a new ~/.ssh/assh.yml file
- Run assh build > ~/.ssh/config to validate the syntax of your ~/.ssh/assh.yml file and automatically build your ~/.ssh/config file
- You are ready!
- No entry
- Avoid exiting when an included file contains errors (#95)
- Anonymize paths in assh info
- Support of assh proxy --dry-run option
- Fix: do not resolve variables in hostnames twice (#103)
- Expand environment variables (#86)
- Add homebrew support (#73)
- Add a 'ssh info' command (#71)
- Templates support (#52)
- Configuration is now case insensitive (#51)
- Fix: resolving host fields for gateways (#79)
- Fix: inheritance was not working for non assh-related fields (#54)
- Fix: expanding variables in HostName (#56)
- First Golang version
- Compatibility issue: complete switch from .ini file format to .yml, the ~/.ssh/assh.yml file needs to be manually crafted
- Features
  - Parses ~/.ssh/assh.yml and generates ~/.ssh/config dynamically
  - CLI: Use gateways from CLI without any configuration needed
  - Config: Declares gateways in configuration
  - Config: Host inheritance
  - Config: Support of includes
  - Config: Support of Regex
  - Config: Handling all sshconfig fields
  - Config: Support of host ProxyCommand (inception)
  - Under the hood: Inspecting parent process verbose/debug mode
  - Under the hood: dynamic proxy using raw TCP, netcat
v1 (2015-07-22)
- Last Python version
POC (2010-08-26)
- First Python version (POC)
Experimental: assh may run in Docker, however you will have limitations:
- The assh container does not have any binaries except assh, you can't use ProxyCommand, ResolveCommand...
- Docker may run on another host, ssh localhost will ssh to Docker host
    docker run -it --rm -v ~/.ssh:/.ssh moul/assh --help
assh in Docker is slower and has more limitations, but it may be useful for testing or if you plan to use a Docker host as a remote Gateway
- v1 (2009-2015) - The original implementation. It worked quite well, but was a lot slower, less portable, harder to install for the user and harder to work on to develop new features and fix bugs
© 2009-2016 Manfred Touron - MIT License