Make jumphosts and knock easier without messing up your ssh config.
- Consolidate ssh knock config into dedicated config file
- No dependency on knockd
- Clone the repo in your home folder:
git clone https://github.com/timo-reymann/ssh-knock-interceptor.git $HOME/.ssh-knock-interceptor
- Add to your ssh config:
Host *.example.com ProxyCommand bash -c 'source $HOME/.ssh-knock-interceptor/init %h %p'
- Create the config file for the knock hosts in
.ssh/knock-config:[app*.example.com] sequence = 1000 2000 3000 host = jumphost-apps.example.com [web*.example.com] sequence = 1001 2001 3001 host = jumphost-webservers.example.com [advanced*.example.com] use_udp = true sequence = 1001 2001:tcp 3001 host = jumphost-webservers.example.com
Maintaining knock commands in your ssh config becomes a huge mess over time.
It consists of three parts:
- Python script
- parse and validate ini file
- knock with python
- Bash wrapper
- to source env vars
- execute ssh command in same tty
- Integration into existing ssh config
I love your input! I want to make contributing to this project as easy and transparent as possible, whether it's:
- Reporting a bug
- Discussing the current state of the configuration
- Submitting a fix
- Proposing new features
- Becoming a maintainer
To get started please read the Contribution Guidelines.