0

Here is my standard work ssh config which everyone uses:

host go
  User user
  ProxyJump otherHostname
  StrictHostKeyChecking=no
  UserKnownHostsFile=/dev/null
  IdentityFile ./ssh/key
  ProxyCommand ssh -i ~/.ssh/key -W %h:%p otherUser@OtherHostname

The proxyCommand part bothers me as the whole point of an ssh config is to have no use for commands.

Are there options for the command parameter which would mean there wouldn't be an ssh command in the config?

proxyCommand uses the identityFile and ProxyJump values for the command:

ssh -i ~/.ssh/key -W %h:%p otherUser@OtherHostname

In other words:

ssh -i IdentityFile -W %h:%p differentUser@ProxyJump
Nickotine
  • 467
  • I got this file from a colleague and it was very messy, the stuff you see there is host * which I added to simplify things, so if I understand correctly the ProxyCommand isn't even being executed? There isn't even a port specified and the proxyCommand contains %p – Nickotine Oct 31 '23 at 18:17
  • Can you add this as an answer please? and thanks for alleviating my confusion on reading this file. I'll let the guy who made it know. – Nickotine Oct 31 '23 at 18:21

1 Answer

2

The option to simplify this type of ProxyCommand is ProxyJump*. Use ProxyJump otherHostname and define all custom options for otherHostname in the Host otherHostname section. (And in case there is Host *, mind this: for each parameter, the first obtained value will be used.)

But you are using ProxyJump already. The manual states:

Note that this option will compete with the ProxyCommand option - whichever is specified first will prevent later instances of the other from taking effect.

(source: man 5 ssh_config)

Your ProxyJump is first and it will win. This means you have already replaced ProxyCommand; the line with ProxyCommand is useless.


* By "this type" I mean ssh -W %h:%p …. In general ProxyCommand is more powerful, the command can be anything, not necessarily used for actual proxying (e.g. throttling the bandwidth is possible).

  • proxyJump is clearly being used over proxyCommand. Also the parameter for ProxyCommand has a %p for port which isn't defined, and this file isn't linked to anything else. Many thanks for clearing this up, I will let the team know, they don't seem to be familiar with ssh-configs – Nickotine Nov 01 '23 at 11:24
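
As an added example (not from the original post or answer, and not OpenSSH's own parser): a simplified Python model of the two rules the answer relies on, "first obtained value wins" and ProxyJump competing with ProxyCommand, used to report config lines that can never take effect for a given host. It assumes Host blocks only (no Match or Include); the names audit, host_block_applies and MULTI and the Host * section in SAMPLE are constructed for illustration.

```python
import fnmatch
import re

# Options that accumulate rather than "first value wins"; not reported here.
MULTI = {"identityfile", "certificatefile", "localforward", "remoteforward"}

def host_block_applies(patterns, host):
    """Host line: some positive pattern matches and no negated one does."""
    pats = patterns.lower().split()
    if any(p[0] == "!" and fnmatch.fnmatchcase(host, p[1:]) for p in pats):
        return False
    return any(p[0] != "!" and fnmatch.fnmatchcase(host, p) for p in pats)

def audit(config_text, host):
    """Return (effective, shadowed) for host under first-obtained-value-wins."""
    effective, shadowed = {}, []
    active = True  # lines before the first Host line apply to every host
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.*)", raw.strip())
        if not m:  # blank line or comment
            continue
        keyword, value = m.group(1), m.group(2).strip()
        key = keyword.lower()
        if key == "host":
            active = host_block_applies(value, host.lower())
            continue
        if not active or key in MULTI:
            continue
        # ProxyJump and ProxyCommand compete for one slot (man 5 ssh_config).
        slot = "proxy" if key in ("proxyjump", "proxycommand") else key
        if slot in effective:
            shadowed.append((lineno, keyword, effective[slot][0]))
        else:
            effective[slot] = (lineno, keyword, value)
    return effective, shadowed

# The question's block (host-key options left out) plus a constructed "Host *".
SAMPLE = """\
host go
  User user
  ProxyJump otherHostname
  IdentityFile ./ssh/key
  ProxyCommand ssh -i ~/.ssh/key -W %h:%p otherUser@OtherHostname
Host *
  User fallback
"""

if __name__ == "__main__":
    for lineno, keyword, winner in audit(SAMPLE, "go")[1]:
        print(f"line {lineno}: {keyword} is ignored, line {winner} came first")
```

To confirm against OpenSSH itself, `ssh -G go` prints the options the client actually resolves for that host.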