[Labs-l] Managing multiple ssh agents to control which key is forwarded to labs

Ben Hartshorne bhartshorne at wikimedia.org
Thu Mar 22 19:12:41 UTC 2012


Hi,

It is a good idea to keep the ssh key used to access Labs separate from the
ssh keys used to access other systems.  I got frustrated at trying to keep
my keys organized yesterday, so wrote some stuff to do it for me.  Today, I
wrote up what I had done (as well as Ryan's approach) at
https://labsconsole.wikimedia.org/wiki/Managing_Multiple_SSH_Agents.

The end result is that from any window in my screen session (on either my
laptop or, say, bast1001/fenari) I can run 'labs' and it will connect me to
the labs bastion host using the correct key, protecting me from
accidentally sending my production key to labs.  From the bastion host I
connect to whichever instance I'm trying to reach.  I have not extended
this to use the ssh proxycommand, though...  hmm.  If I extend the labs()
function to take an argument, and the use the proxycommand....  Well,
that's not working right now, but something to play with.  ;)

Feel free to crib any or all of it for your own use.

-ben
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wikimedia.org/pipermail/labs-l/attachments/20120322/b118b9ae/attachment.html>


More information about the Labs-l mailing list