Some notes about OpenSSH configuration that come in handy for me: applying settings on a per-host or per-domain basis, using jump servers where needed, finding the console for a device, and using deprecated encryption when needed.
Basic Options
Host
Hostname
Port
User
Apply Settings per domain
Host *.
Protocol 2
TCPKeepAlive yes
ServerAliveInterval 10
ServerAliveCountMax 5
Send Host through jump if there is no direct connection
Match host *. !host !exec "nc -z 22 || return 0 ; nc -z -w 1 %h %p"
ProxyCommand ssh -W %h:%p
Rewrite Hostnames
Host -* !-*.
Hostname %h.
Avocent
Host +console
Hostname
Port 7001
# Serial Port + 7001
Support older SSH servers – Avocent / Netscreen / Cisco
Host cisco
Hostname
KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
HostKeyAlgorithms +ssh-dss,ssh-rsa
Support Ironport SSH servers
Host ironport
KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
HostKeyAlgorithms +ssh-dss,ssh-rsa
Ciphers +aes128-cbc
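The legacy-algorithm blocks above weaken the connection only for the hosts they name, so it is worth checking that they never end up under a wildcard or global Host block. The following Python script is an added example, not part of the original notes; the sample config, the `*.lab.example` domain and the function names are constructed for illustration, and Match criteria are not evaluated.

```python
import re

# Legacy algorithms that the Host blocks on this page re-enable.
LEGACY = {
    "kexalgorithms": {"diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1"},
    "hostkeyalgorithms": {"ssh-dss", "ssh-rsa"},
    "ciphers": {"aes128-cbc"},
}

# Constructed sample config; *.lab.example is a placeholder domain.
SAMPLE = """\
Host cisco
    KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
    HostKeyAlgorithms +ssh-dss,ssh-rsa
Host ironport
    Ciphers +aes128-cbc
Host *.lab.example
    KexAlgorithms +diffie-hellman-group1-sha1
Host *
    HostKeyAlgorithms +ssh-rsa
"""

def scope_of(patterns):
    """Classify Host patterns as 'global', 'wildcard' or 'host'."""
    positive = [p for p in patterns if not p.startswith("!")]
    if not positive or "*" in positive:
        return "global"
    return "wildcard" if any(c in p for p in positive for c in "*?") else "host"

def audit(config_text):
    """Return (line, scope, block, keyword, algorithm) per legacy algorithm enabled."""
    findings, block, scope = [], "(top of file)", "global"
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if key == "host":
            block, scope = line, scope_of(value.split())
        elif key == "match":  # criteria not evaluated: report for manual review
            block, scope = line, "wildcard"
        elif key in LEGACY and not value.startswith("-"):  # "-list" removes
            for name in value.lstrip("+^").split(","):
                if name.strip() in LEGACY[key]:
                    findings.append((no, scope, block, key, name.strip()))
    return findings

def too_broad(findings):
    return [f for f in findings if f[1] != "host"]
```

`too_broad(audit(text))` returns the entries to review: legacy algorithms enabled outside a block that names individual hosts.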
Links
- https://backdrift.org/transparent-proxy-with-ssh
- https://dev.to/nabbisen/openssh-configurations-by-hosts-h1g
- https://mike.place/2017/ssh-match/
- https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Proxies_and_Jump_Hosts

