summaryrefslogtreecommitdiff
path: root/ssh/config-wmf
blob: 3a253c0934dd0ff0b764d125596e897473a6e4e8 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
# SSH client configuration for WMF use.

# Turn this on for Match to work.
CanonicalizeHostname yes

# Defaults for all WMF hosts.
Match host=*.wikimedia.org,*.wmnet,*.wmflabs,*.wmflabs.org
    ForwardAgent no
    IdentitiesOnly yes
    KbdInteractiveAuthentication no
    PasswordAuthentication no
    User liw
    UserKnownHostsFile ~/.ssh/known_hosts.d/wmf-prod

# Configure the initial connection to the bastion host, with the one
# HostName closest to you
Host bast
    HostName bast3004.wikimedia.org
    IdentityFile ~/.ssh/prod.key

# Other bastion hosts.
Host bast*.wikimedia.org
    IdentityFile ~/.ssh/prod.key

Host labsbast
    HostName primary.bastion.wmflabs.org
    IdentityFile ~/.ssh/lab.key

# Proxy all connections to internal servers through the bastion host
Host *.wmnet *.wikimedia.org !gerrit.wikimedia.org !bast*.wikimedia.org
    ProxyJump bast
    IdentityFile ~/.ssh/prod.key

Host *.wmflabs
    ProxyJump labsbast
    IdentityFile ~/.ssh/lab.key

Host gerrit.wikimedia.org
    Port 29418
    IdentityFile ~/.ssh/lab.key