# SSH client configuration for WMF use.

# Turn this on for Match to work.
CanonicalizeHostname yes

# Defaults for all WMF hosts.
Match host=*.wikimedia.org,*.wmnet,*.wmflabs,*.wmflabs.org
    ForwardAgent no
    IdentitiesOnly yes
    KbdInteractiveAuthentication no
    PasswordAuthentication no
    User liw
    UserKnownHostsFile ~/.ssh/known_hosts.d/wmf-prod

# Configure the initial connection to the bastion host, with the one
# HostName closest to you
Host bast
    HostName bast3004.wikimedia.org
    IdentityFile ~/.ssh/prod.key

# Other bastion hosts.
Host bast*.wikimedia.org
    IdentityFile ~/.ssh/prod.key

Host labsbast
    HostName primary.bastion.wmflabs.org
    IdentityFile ~/.ssh/lab.key

# Proxy all connections to internal servers through the bastion host
Host *.wmnet *.wikimedia.org !gerrit.wikimedia.org !bast*.wikimedia.org
    ProxyJump bast
    IdentityFile ~/.ssh/prod.key

Host *.wmflabs
    ProxyJump labsbast
    IdentityFile ~/.ssh/lab.key

Host gerrit.wikimedia.org
    Port 29418
    IdentityFile ~/.ssh/lab.key