I use bastions for nearly all of my communication with servers.  It is all done 
via my ~/.ssh/config file.  Something like:

Host bastion
    User                   myuser
    HostName               bastion.example.org
    ProxyCommand           none
    IdentityFile           ~/.ssh/id_rsa
    BatchMode              yes
    PasswordAuthentication no

Host *
    ServerAliveInterval    60
    TCPKeepAlive           yes
    ProxyCommand           ssh -qaY bastion 'nc -w 14400 %h %p'
    ControlMaster          auto
    ControlPath            ~/.ssh/mux-%r@%h:%p
    ControlPersist         8h

In ~/.ansible.cfg I then have

[ssh_connection]
ssh_args = -o ControlPersist=15m -F ~/.ssh/config
scp_if_ssh = True
control_path = ~/.ssh/mux-%%r@%%h:%%p

Nothing else required.  I execute ansible and all my connections go through the 
bastion.  Your "Host *" might benefit from being more targeted.  In any case, I 
also have to use these same configs for normal SSH access, so for me it makes 
sense to just have them in my ssh config.

I really don't see a need to modify anything within Ansible to do this.
-- 
Matt Martz
m...@sivel.net
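
Added example (not from the original message and not Ansible code): a small Python sketch of how ssh picks ProxyCommand for a given host name, showing what "Host *" catches compared with a narrower pattern. The 10.0.* and *.internal.example.org patterns and both function names are assumptions made up for illustration.

```python
import fnmatch
import re

# Constructed sample: the two Host blocks from the message above, reduced to
# the lines that decide routing.
WILDCARD_CFG = """
Host bastion
    HostName      bastion.example.org
    ProxyCommand  none
Host *
    ProxyCommand  ssh -qaY bastion 'nc -w 14400 %h %p'
"""

# Hypothetical narrower variant: the two patterns are assumptions standing in
# for whatever names or addresses the private instances really have.
TARGETED_CFG = WILDCARD_CFG.replace("Host *", "Host 10.0.* *.internal.example.org")


def host_matches(patterns, name):
    """ssh_config Host matching: a negated (!) pattern that matches vetoes the
    block; otherwise at least one positive pattern must match.
    fnmatch is an approximation (it also interprets [..], which ssh does not)."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(name, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(name, pat):
            matched = True
    return matched


def effective_proxy(config_text, name):
    """Return the ProxyCommand ssh would use for `name`, or None if no block
    sets one. The first value obtained for an option wins, as in ssh_config(5).
    Match blocks are skipped and Include is not followed in this sketch."""
    active = True  # options before the first Host line apply to every host
    for raw in config_text.splitlines():
        m = re.match(r"([^\s=]+)[\s=]+(.*)", raw.strip())
        if not m or raw.lstrip().startswith("#"):
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key == "host":
            active = host_matches(value.split(), name)
        elif key == "match":
            active = False
        elif key == "proxycommand" and active:
            return value
    return None
```

With the wildcard block, a connection to an unrelated host such as github.com is also tunnelled through the bastion; with the narrower patterns it connects directly.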

On February 5, 2014 at 2:09:24 PM, Adam Heath (a...@brainfood.com) wrote:

I just looked over ssh.py and ssh_old.py; if I were to actually want to  
sit down and do this, I would factor those 2 classes into a common base  
class, then introduce a third version that supported ProxyCommand.  

ps: I notice something odd in the two files above:  

==  
- def exec_command(self, cmd, tmp_path, sudo_user=None,  
sudoable=False, executable='/bin/sh', in_data=None, su=False, su_user=None):  
+ def exec_command(self, cmd, tmp_path, sudo_user=None,  
sudoable=False, executable='/bin/sh', in_data=None, su_user=None, su=False):  
==  
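
Review bot: the last two parameters are declared as su=False, su_user=None in one signature and su_user=None, su=False in the other, so a caller that passes them positionally binds them to different names depending on which connection class is loaded. Use one order in both files, or have every caller pass su and su_user by keyword.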

Why is the order of the last 2 args reversed for those two files? Seems  
like it might cause some confusion.  

On 02/05/2014 01:51 PM, Adam Heath wrote:  
> I've had musings on that too. Currently, I think you'd have to manually  
> configure $HOME/.ssh/config, with ProxyCommand.  
>  
> However, I just had a thought. What if there was an  
> ansible_ssh_proxy=$other_inventory_host feature? When set, ansible  
> would auto-add the -o ProxyCommand="$something".  
>  
> This is just some random brainstorm ramblings.  
>  
> On 02/05/2014 12:59 PM, Jeff Lord wrote:  
>> Hello,  
>>  
>> I am building out an env in AWS using ansible and would like to  
>> configure all of my hosts by running through a single bastion host which  
>> has port 22 open.  
>> Laptop -> AWS Bastion -> AWS private network instances  
>>  
>> Is there a good example of how to configure the proxy around?  
>>  
>> Thank You in advance,  
>  

--  
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.  
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.  
To post to this group, send email to ansible-project@googlegroups.com.  
For more options, visit https://groups.google.com/groups/opt_out.  
