如何根据本地子网自动切换ssh配置? [英] How to automatically switch ssh config based on local subnet?

问题描述

当我在某个网络(子网是 10.10.11.x)上时，我需要跳过一个中间主机才能到达我的目的地，因为我无法更改目标端口并且我可以退出的端口有限受限网络.我成功地使用了如下所示的 ssh 配置:

When I'm on a certain network (subnet is 10.10.11.x) I need to jump through an intermediate host to reach my destination because of destination port I can't change and limited ports on which I can exit the restricted network. I use a ssh config like the following with success:

Host web-direct web
    HostName web.example.com
    Port 1111

Host web-via-jump jweb
    HostName web.example.com
    Port 1111
    ForwardAgent yes
    ProxyCommand ssh -p 110 -q relay.example.com nc %h %p

通过 jumpbox 是一个重大的性能损失，所以我需要在大多数不需要的时候避免它.切换 ssh/scp/rsync 主机昵称适合交互式使用，但有一些自动化/脚本化的任务非常痛苦.

Going through the jumpbox is a significant performance hit so I need to avoid it for the majority of times it is not needed. Switching the ssh/scp/rsync host nickname is fine for interactive use but there are some automated/scripted tasks which it is very painful.

我的 shell 在网络转换期间保持打开状态，因此启动 (.zshrc) 机制无济于事.

My shell stays open across network transitions so startup (.zshrc) mechanisms don't help.

我想过运行一个脚本来轮询受限制的子网并通过修改 .ssh/config 文件来自动化切换，但我什至不确定会出现缓存问题.在实施之前，我想我会问是否有更好的方法.

I've thought of running a script to poll for the restricted subnet and automate the switch by modifying the .ssh/config file but I'm not even sure there would be a caching issue. Before I implement that, I thought I would ask if there is a better approach.

基于原始主机子网检测换出 ssh 配置的最佳方法是什么?

What's the best approach for swapping out ssh config based on origin host subnet detection?

在伪配置中，类似于:

if <any-active-local-interface> is on 10.10.11.x:
    Host web
        HostName web.example.com
        Port 1111
        ForwardAgent yes
        ProxyCommand ssh -p 110 -q relay.example.com nc %h %p
else:    
    Host web
        HostName web.example.com
        Port 1111
endif

推荐答案

基于 答案 by Fedor Dikarev，Mike 创建一个名为 onsubnet 的 bash 脚本:

Based on the answer by Fedor Dikarev, Mike created a bash script named onsubnet:

#!/usr/bin/env bash

if [[ "$1" == "--help" ]] || [[ "$1" == "-h" ]]  || [[ "$1" == "" ]] ; then
  printf "Usage:\n\tonsubnet [ --not ] partial-ip-address\n\n"
  printf "Example:\n\tonsubnet 10.10.\n\tonsubnet --not 192.168.0.\n\n"
  printf "Note:\n\tThe partial-ip-address must match starting at the first\n"
  printf "\tcharacter of the ip-address, therefore the first example\n"
  printf "\tabove will match 10.10.10.1 but not 110.10.10.1\n"
  exit 0
fi

on=0
off=1
if [[ "$1" == "--not" ]] ; then
  shift
  on=1
  off=0
fi

regexp="^$(sed 's/\./\\./g' <<<"$1")"

if [[ "$(uname)" == "Darwin" ]] ; then
  ifconfig | fgrep 'inet ' | fgrep -v 127.0.0. | cut -d ' ' -f 2 | egrep -q "$regexp"
else
  hostname -I | tr -s " " "\012" | fgrep -v 127.0.0. | egrep -q "$regexp"
fi

if [[ $? == 0 ]]; then 
  exit $on
else
  exit $off
fi

然后在他的 .ssh/config 文件中，他使用 Match exec 像 Jakuje 的回答:

Then in his .ssh/config file, he uses Match exec like Jakuje's answer:

Match exec "onsubnet 10.10.1." host my-server
    HostName web.example.com
    Port 1111
    ForwardAgent yes
    ProxyCommand ssh -p 110 -q relay.example.com nc %h %p

Match exec "onsubnet --not 10.10.1." host my-server
    HostName web.example.com
    Port 1111

这篇关于如何根据本地子网自动切换ssh配置?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！