🐧 Как проверить конфигурацию клиента OpenSSH


Проверьте конфигурацию клиента OpenSSH для поиска и отображения настроенных хостов.

Пример конфигурации клиента OpenSSH в файле ~/.ssh/config.

# OpenSSH SSH client configuration

Host *
  ServerAliveInterval 6
  IdentityAgent /home/milosz/.agent_socket
  ServerAliveCountMax 5

Host 192.0.2.*
  RequestTTY no

Host 192.0.2.15
  RequestTTY yes

Host gitlab
  Port 23
  HostName 192.0.2.134
  User milosz
  IdentityFile ~/.ssh/git

Host jenkins_master
  HostName 10.20.5.2
  Port 22
  User admin

Host jenkins_node_01
  HostName 10.20.5.11
  Port 22
  User node_admin

Host jenkins_node_02
  HostName 10.20.5.12
  Port 22
  User node_admin
Скрипт AWK, используемый для отображения конфигурации клиента OpenSSH или для поиска с использованием переменной QUERY.

Внимание: я буду игнорировать записи Match.

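$ awk -v QUERY="" -v RS="(Host|Match)[ \t]+[A-Za-z0-9_.*?, -]+" \
'# Requires gawk: a regex RS, RT, PROCINFO["sorted_in"] and arrays of arrays.
# Every input record is the body that FOLLOWS a "Host"/"Match" header: the
# header itself arrives in RT and is applied to the NEXT record, so the text
# before the first header (comments, or directives without a Host block) is
# never stored. Match blocks are skipped on purpose.
{
  if (length(host) > 0 && host_line !~ /^Match/) {
    n = split($0, lines, "\n")
    for (i = 1; i <= n; i++) {
      line = lines[i]
      gsub(/^[ \t]+/, "", line)
      gsub(/[ \t]+$/, "", line)
      # Blank lines and comments are dropped AFTER trimming, so an indented
      # "  # ..." line is not stored as a directive named "#".
      if (length(line) == 0 || line ~ /^#/) continue
      # ssh_config separates keyword and argument by whitespace or by an
      # optional "=" with optional whitespace around it; split on the first
      # such run ("Port 22", "Port=22" and "Port = 22" are all accepted).
      if (!match(line, /[ \t=]+/)) continue
      directive = substr(line, 1, RSTART - 1)
      value = substr(line, RSTART + RLENGTH)
      # ssh keeps the FIRST value obtained for a keyword; mirror that rule
      # instead of letting an unspecified iteration order pick the winner.
      if (length(directive) > 0 && length(value) > 0 && !(directive in records[host]))
        records[host][directive] = value
    }
  }
  host_line = RT
  host = host_line
  sub(/^(Host|Match)[ \t]+/, "", host)
}

END {
  PROCINFO["sorted_in"] = "@ind_str_asc"
  if (length(QUERY) > 0) {
    # QUERY is matched as an extended regular expression, so "10.20.5" also
    # matches "10x20x5"; anchor or escape metacharacters for an exact match.
    for (host in records) {
      target = ""
      # Keyword names are case-insensitive in ssh_config ("HostName",
      # "hostname"), so compare them case-insensitively here.
      for (directive in records[host])
        if (tolower(directive) == "hostname") target = records[host][directive]
      # Wildcard entries ("Host 192.0.2.*") are never reported as a match.
      if (length(target) > 0 && target ~ QUERY && target !~ /\*/) {
        print "\033[34m" host "\033[0m" " -> " target
      } else if (host ~ QUERY && host !~ /\*/) {
        if (length(target) > 0)
          print "\033[34m" host "\033[0m" " -> " target
        else
          print "\033[34m" host "\033[0m"
      }
    }
  } else {
    # No query: dump every parsed Host block, sorted by host and by keyword.
    for (host in records) {
      printf "\n\033[34m%30s\033[0m\n", host
      for (directive in records[host])
        printf "%30s = %-40s\n", directive, records[host][directive]
    }
  }
}' ~/.ssh/config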
Опустите переменную QUERY для отображения конфигурации клиента OpenSSH.
             IdentityAgent = /home/milosz/.agent_socket              
           ServerAliveCountMax = 5                                       
           ServerAliveInterval = 6                                       

                     192.0.2.*
                    RequestTTY = no                                      

                    192.0.2.15
                    RequestTTY = yes                                     

                        gitlab
                      HostName = 192.0.2.134                             
                  IdentityFile = ~/.ssh/git                              
                          Port = 23                                      
                          User = milosz                                  

                jenkins_master
                      HostName = 10.20.5.2                               
                          Port = 22                                      
                          User = admin                                   

               jenkins_node_01
                      HostName = 10.20.5.11                              
                          Port = 22                                      
                          User = node_admin                              

               jenkins_node_02
                      HostName = 10.20.5.12                              
                          Port = 22                                      
                          User = node_admin

Определите QUERY = “jenkins” для поиска конкретных хостов.

jenkins_master -> 10.20.5.2
jenkins_node_01 -> 10.20.5.11
jenkins_node_02 -> 10.20.5.12

Определите QUERY = “10.20.5” для поиска определенных хостов или IP-адресов.

jenkins_master -> 10.20.5.2
jenkins_node_01 -> 10.20.5.11
jenkins_node_02 -> 10.20.5.12

Определите QUERY = “192.0.2.134” для поиска определенных хостов или IP-адресов.

gitlab -> 192.0.2.134
Определите QUERY = “192.0.2.” для поиска определенных хостов или IP-адресов.
192.0.2.15
gitlab -> 192.0.2.134

Используйте сам ssh-клиент, чтобы проверить итоговую конфигурацию конкретного хоста.

$ ssh -F ~/.ssh/config -G gitlab
user milosz
hostname 192.0.2.134
port 22
addressfamily any
batchmode no
canonicalizefallbacklocal yes
canonicalizehostname false
challengeresponseauthentication yes
checkhostip yes
compression no
controlmaster false
enablesshkeysign no
clearallforwardings no
exitonforwardfailure no
fingerprinthash SHA256
forwardagent no
forwardx11 no
forwardx11trusted yes
gatewayports no
gssapiauthentication yes
gssapidelegatecredentials no
hashknownhosts yes
hostbasedauthentication no
identitiesonly no
kbdinteractiveauthentication yes
nohostauthenticationforlocalhost no
passwordauthentication yes
permitlocalcommand no
proxyusefdpass no
pubkeyauthentication yes
requesttty auto
streamlocalbindunlink no
stricthostkeychecking ask
tcpkeepalive yes
tunnel false
useprivilegedport no
verifyhostkeydns false
visualhostkey no
updatehostkeys false
canonicalizemaxdots 1
connectionattempts 1
forwardx11timeout 1200
numberofpasswordprompts 3
serveralivecountmax 5
serveraliveinterval 6
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
hostkeyalgorithms ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
hostbasedkeytypes ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
identityagent /home/milosz/.agent_socket
kexalgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
loglevel INFO
macs umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
pubkeyacceptedkeytypes ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
xauthlocation /usr/bin/xauth
identityfile ~/.ssh/id_rsa
identityfile ~/.ssh/id_dsa
identityfile ~/.ssh/id_ecdsa
identityfile ~/.ssh/id_ed25519
canonicaldomains
globalknownhostsfile /etc/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts2
userknownhostsfile ~/.ssh/known_hosts ~/.ssh/known_hosts2
sendenv LANG
sendenv LC_*
connecttimeout none
tunneldevice any:any
controlpersist no
escapechar ~
ipqos lowdelay throughput
rekeylimit 0 0
streamlocalbindmask 0177

 
