SSH Client improvements

This article collects several SSH-client-related topics and optimisations I have implemented. Among them are:

  • Managing modular SSH client config
  • SSH connection failure from Ubuntu to Oracle Linux 8
  • Using SSH jump server transparently

SSH client modular configuration

Initially, the configuration for the SSH client should be present (per-user) in the user’s home directory, under .ssh/config. I believe that this configuration file is not modular enough, and when you want to add/edit/remove an entry, you might risk damaging the file. Moreover, if you manage several different computers (like I do), you have to do a more complex configuration merge.

SSH allows an include directory. The only(!) configuration directive required for that in .ssh/config file looks like this:

Include config.d/*.conf

If you want to define some defaults and enforce them to be read last, add them below this line; ssh uses the first value it obtains for each option, so the included files take precedence over these defaults. However, for easier management, all you need to do is create a directory config.d under .ssh and populate it with modular files, each with a .conf suffix and containing its own directives. This makes configuration merging easier, and easier to automate.

Ubuntu SSH to OEL8 with ‘Connection Corrupted’ message

I was failing to connect from Ubuntu to OEL8 (and probably RHEL8 as well; I did not test with RHEL9, though), with an error message showing “Connection corrupted” and a “bad packet length”. While I do not seem to suffer from it anymore, at that time it was very frustrating. I believe that for systems updated at that time this issue might still pose a problem. A custom cipher-limiting configuration for the target host could be a very safe way around this problem. The configuration file should look like this (placed in the modular configuration directory as .ssh/config.d/myserver.conf):

Host 192.168.10.254 myserver.mydomain.com myserver
  Ciphers [email protected]

Following that, the connection would return to normal. I found the solution here, so I am linking it.

Configuring SSH client to automatically use Jump Server

Using a Jump Server (Bastion) to reach a remote SSH host is a more complex idea. When working manually, hopping through the Jump Server to reach the remote host is annoying, but not enough to force me to find a solution. However, when I started using Ansible without direct SSH access to the remote hosts, only through the Jump Server, it became a necessity. It appears that the SSH client configuration supports this, and will allow a through-proxy connection (using automatic key transfer, as it seems with me) to reach the remote host. Moreover, this solution integrates seamlessly with Ansible when the transport is SSH. An example of such a configuration:

Host my-bastion
	User root
	Hostname 192.168.10.10

Host 172.16.0.*
	ProxyJump my-bastion

In this example we can see two definitions – one for the ‘my-bastion’ Jump Server, and one for the entire network of hosts behind it. Now I can run ‘ssh 172.16.0.10’ and the ssh command will automatically jump through my-bastion to reach the remote host.
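
To see which fragment supplies each effective setting for a host, the following Python sketch (an added example, not part of the original article) models the lookup for the Include layout and the ProxyJump entries described above. It is a simplified model: Match blocks are skipped, multi-valued options such as IdentityFile are not accumulated, and the fragment file names and the fallback `User deploy` are constructed for the illustration.

```python
import fnmatch, glob, os, tempfile

def host_matches(patterns, host):
    """A positive pattern must match and no '!'-negated pattern may."""
    hit = lambda p: fnmatch.fnmatchcase(host, p.lstrip("!"))
    return (any(hit(p) for p in patterns if p[0] != "!")
            and not any(hit(p) for p in patterns if p[0] == "!"))

def load(path, base, guards=()):
    """Yield (file, guards, key, value) in read order, expanding Include."""
    patterns = ["*"]                      # lines before any Host apply to every host
    with open(path) as fh:
        for raw in fh:
            parts = raw.split(None, 1)
            if len(parts) < 2 or parts[0].startswith("#"):
                continue
            key, value = parts[0].lower(), parts[1].strip()
            if key == "host":
                patterns = value.split()
            elif key == "match":
                patterns = []             # simplification: Match blocks are skipped
            elif key == "include":
                for pat in value.split():
                    for f in sorted(glob.glob(os.path.join(base, pat))):
                        yield from load(f, base, guards + (patterns,))
            else:
                yield path, guards + (patterns,), key, value

def resolve(config, host):
    """First obtained value wins (ssh_config(5)); returns {key: (value, file)}."""
    out = {}
    for src, guards, key, value in load(config, os.path.dirname(config)):
        if key not in out and all(host_matches(g, host) for g in guards):
            out[key] = (value, os.path.basename(src))
    return out

def build_demo(root):
    """Constructed sample tree mirroring the layout and hosts used on this page."""
    files = {"config": "Include config.d/*.conf\nUser deploy\n",  # fallback below Include
             "config.d/10-bastion.conf": "Host my-bastion\n\tUser root\n\tHostname 192.168.10.10\n",
             "config.d/20-internal.conf": "Host 172.16.0.*\n\tProxyJump my-bastion\n"}
    os.makedirs(os.path.join(root, "config.d"))
    for name, text in files.items():
        with open(os.path.join(root, name), "w") as fh:
            fh.write(text)
    return os.path.join(root, "config")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(resolve(build_demo(d), "172.16.0.10"))
```

On a real machine, `ssh -G <host>` prints the effective options as OpenSSH itself resolves them, without connecting.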

Additional resources regarding the SSH client config file can be found in this knowledge base, from which I took some information to make my ongoing life a little better, and to share here.
