Hi, It is a good idea to keep the ssh key used to access Labs separate from the ssh keys used to access other systems. I got frustrated at trying to keep my keys organized yesterday, so wrote some stuff to do it for me. Today, I wrote up what I had done (as well as Ryan's approach) at https://labsconsole.wikimedia.org/wiki/Managing_Multiple_SSH_Agents.
The end result is that from any window in my screen session (on either my laptop or, say, bast1001/fenari) I can run 'labs' and it will connect me to the labs bastion host using the correct key, protecting me from accidentally sending my production key to labs. From the bastion host I connect to whichever instance I'm trying to reach. I have not extended this to use the ssh proxycommand, though... hmm. If I extend the labs() function to take an argument, and the use the proxycommand.... Well, that's not working right now, but something to play with. ;) Feel free to crib any or all of it for your own use. -ben
_______________________________________________ Labs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/labs-l
