Reputation: 1866
ssh-config by host subnet
I have a whole bunch of machines on my 10.10.10.x subnet, all of them are essentially configured in the same way. I differentiate these from machines on my 10.10.11.x subnet which serves a different purpose.
I'd like to be able to type ssh 10.x to connect to machines on the 10.x network and ssh 11.x to connect to machines on the 11.x network.
I know I can set up individual machines to allow access to the full IP, or the shorthand version like this in my ~/.ssh/config:
Host 10.10.10.11 10.11
HostName 10.10.10.11
User root
This can get pretty repetitive for lots of hosts on my network, so my question is: Is there a way to specify this as a pattern for the entire subnet? Something like:
Host 10.10.10.x
User root
Host 10.x
HostName 10.10.10.x
User root
Upvotes: 28
Views: 29767
Answers (3)
Reputation: 9332
I noticed your comment about mapping:
This basically works how I want, but is there a way you can access the
*part, for example my use case above of wanting to map a certain range into aHostNameby pattern?
…Which you can accomplish with tokens. In your case, use %h to replace a part of the HostName with the Host value.
I have changed the match pattern to use ?s instead of *s to constrain the length of the matched segment. This avoids some confusion wherein 10.* also matches 10.10.10.x. Technically, you can add an explicit HostName to the 4-octet IPs' Host blocks and make sure they occur before the shortcut blocks, but using ? is more foolproof.
Put blocks like these into your ~/.ssh/config alongside your full IP configuration:
Host 10.? 10.?? 10.1??
HostName 10.10.%h
# Your parameters here.
Host 11.? 11.?? 11.1??
HostName 10.10.%h
# Your parameters here.
Or, if you want to keep the config for 10.10.10.x centralized with the config for 10.x, you can tell SSH to convert the hostname and take another pass through the config document, like this:
# Both patterns can be combined into one block here because they share
# the same `HostName` stem and the differing config is set elsewhere.
Host 10.? 10.?? 10.1?? 11.? 11.?? 11.1??
HostName 10.10.%h
CanonicalizeHostname yes
Host 10.10.10.*
# Your parameters here.
Host 10.10.11.*
# Your parameters here.
Upvotes: 1
Reputation: 161
From the ssh_config(5) Manpage:
A pattern consists of zero or more non-whitespace characters, ‘*’ (a
wildcard that matches zero or more characters), or ‘?’ (a wildcard that
matches exactly one character). For example, to specify a set of decla‐
rations for any host in the “.co.uk” set of domains, the following pat‐
tern could be used:
Host *.co.uk
The following pattern would match any host in the 192.168.0.[0-9] network
range:
Host 192.168.0.?
A pattern-list is a comma-separated list of patterns. Patterns within
pattern-lists may be negated by preceding them with an exclamation mark
(‘!’). For example, to allow a key to be used from anywhere within an
organisation except from the “dialup” pool, the following entry (in
authorized_keys) could be used:
from="!*.dialup.example.com,*.example.com"
So you can just use host 10.*
Upvotes: 16
Reputation: 2158
This line will provide the desired functionality:
Host 192.168.1.*
IdentityFile KeyFile
If you attempt to connect a server whose ip is in this subnet, you will be able to establish an ssh connection.
Upvotes: 31
Related Questions
- Dynamic aliases to host in ssh config
- How to automatically switch ssh config based on local subnet?
- sshd with multiple match sections, override settings
- Ansible - How to apply a different ssh config to a specific host?
- Is there a way to use a previously specified ssh-config entry in specifying `Hostname`?
- How to dynamically change the host in the SSH config file?
- Using only part of a pattern in SSH Config Hostname
- ssh config host limits
- How to make .ssh/config file Hostname configurable
- Unsetting parameters for specific hosts in SSH config