Proxied connections¶
Proxied connections are where you connect to you instances via some kind of SSH proxy, i.e. through a jump box.
Your normal means of initiating an SSH connection could look something like this:
> ssh -o "ProxyCommand ssh -W %h:%p user@jumpboxhost" user@internalhost
by hostname or ip¶
Let’s assume you have a single inventory setup specify your proxy by its hostname or ipaddress:
Your networks.yml would look something like this:
---
:myinventory:
:description: My inventory
:type: inventory
:network:
:type: ec2
:credentials_key: awsreferencekey
:provisioning_region: us-east-1
:ec2_filters:
:instance-state-name: running
:ssh_settings:
:proxy:
:host_lookup: by_host_or_ip
:host_id: "xx.xxx.xxx.xxx"
:ssh_keys:
- "~/.ssh/id_rsa"
:timeout_in_seconds: 10
To initiate connections using a different jump box user, you would modify your ssh_settings block as follows:
...
:ssh_settings:
:proxy:
:host_lookup: by_host_or_ip
:host_id: "xx.xxx.xxx.xxx"
:bastion_host_user: "someotherusername"
:ssh_keys:
- "~/.ssh/id_rsa"
:timeout_in_seconds: 10
...
You may also specify a different username for the internal host as follows:
...
:ssh_settings:
:user: "someotherusername"
:proxy:
:host_lookup: by_host_or_ip
:host_id: "xx.xxx.xxx.xxx"
:bastion_host_user: "someotherusername"
:ssh_keys:
- "~/.ssh/id_rsa"
:timeout_in_seconds: 10
by reference to a bcome instance¶
You can also proxy your SSH connections by reference to another Bcome instance, for example:
...
:ssh_settings:
:proxy:
:host_lookup: by_bcome_namespace
:namespace: "inventory:servername"
:ssh_keys:
- "~/.ssh/id_rsa"
:timeout_in_seconds: 10
...
Note that when specifying a reference Bcome namespace, the highest-level namespace is implicit in the host_lookup declaration.