Match a specific network inside the SSH client configuration file using a Python helper script.
Create ~/.ssh/pynet.py
Python helper script.

    #!/usr/bin/env python3
    # SSH helper - Check if hostname belongs to network
    # Usage: pynet.py network hostname
    # Example: pynet.py 172.16.0.0/16 172.16.0.1
    # Exit codes: 0 - true, 1 - false

    import ipaddress
    import socket
    import sys

    # Resolve the hostname to its first IPv4 address and test network membership.
    address = ipaddress.ip_address(socket.gethostbyname(sys.argv[2]))
    network = ipaddress.ip_network(sys.argv[1])

    # ssh treats exit status 0 as a match and anything else as no match.
    sys.exit(0 if address in network else 1)

Ensure that the executable bit is set.
$ chmod +x ~/.ssh/pynet.py
Use the Python helper script to perform the match operation.

    Match exec "~/.ssh/pynet.py 172.16.0.0/16 %h"
      ProxyJump milosz@192.0.2.44:22
      User milosz

    Match User milosz
      IdentityFile ~/.ssh/milosz

    Match LocalUser milosz
      IdentityAgent /home/milosz/.ssh/agent_socket

Verify the configuration.
$ ssh -A 172.16.51.15 -vv

    OpenSSH_8.1p1 Ubuntu-5, OpenSSL 1.1.1d 10 Sep 2019
    debug1: Reading configuration data /home/milosz/.ssh/config
    debug2: checking match for 'exec "~/.ssh/pynet.py 172.16.0.0/16 %h"' host 172.16.51.15 originally 172.16.51.15
    debug1: Executing command: '~/.ssh/pynet.py 172.16.0.0/16 172.16.51.15'
    debug2: match found
    debug2: checking match for 'User milosz' host 172.16.51.15 originally 172.16.51.15
    debug2: match found
    debug2: checking match for 'LocalUser milosz' host 172.16.51.15 originally 172.16.51.15
    debug2: match found
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 19: Applying options for *
    debug2: resolve_canonicalize: hostname 172.16.51.15 is address
    debug1: Setting implicit ProxyCommand from ProxyJump: ssh -l milosz -p 22 -vv -W '[%h]:%p' 192.0.2.44
    debug1: Executing proxy command: exec ssh -l milosz -p 22 -vv -W '[172.16.51.15]:22' 192.0.2.44
    debug1: identity file /home/milosz/.ssh/milosz type 0
    debug1: Local version string SSH-2.0-OpenSSH_8.1p1 Ubuntu-5
    OpenSSH_8.1p1 Ubuntu-5, OpenSSL 1.1.1d 10 Sep 2019
    debug1: Reading configuration data /home/milosz/.ssh/config
    debug2: checking match for 'exec "~/.ssh/pynet.py 172.16.0.0/16 %h"' host 192.0.2.44 originally 192.0.2.44
    debug1: Executing command: '~/.ssh/pynet.py 172.16.0.0/16 192.0.2.44'
    debug2: match not found
    debug2: checking match for 'User milosz' host 192.0.2.44 originally 192.0.2.44
    debug2: match found
    debug2: checking match for 'LocalUser milosz' host 192.0.2.44 originally 192.0.2.44
    debug2: match found
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: /etc/ssh/ssh_config line 19: Applying options for *
    debug2: resolve_canonicalize: hostname 192.0.2.44 is address
    debug2: ssh_connect_direct
    debug1: Connecting to 192.0.2.44 [192.0.2.44] port 22.
    debug1: Connection established.
    [...]
    Authenticated to 192.0.2.44 ([192.0.2.44]:22).
    [...]
    Authenticated to 172.16.51.15 (via proxy).
    [...]

    Welcome to Ubuntu 18.04.4 LTS (GNU/Linux 4.18.0-15-generic x86_64)

     * Documentation:  https://help.ubuntu.com
     * Management:     https://landscape.canonical.com
     * Support:        https://ubuntu.com/advantage

     * Multipass 1.0 is out! Get Ubuntu VMs on demand on your Linux, Windows or
       Mac. Supports cloud-init for fast, local, cloud devops simulation.

         https://multipass.run/

     * Latest Kubernetes 1.18 beta is now available for your laptop, NUC, cloud
       instance or Raspberry Pi, with automatic updates to the final GA release.

         sudo snap install microk8s --channel=1.18/beta --classic

     * Canonical Livepatch is available for installation.
       - Reduce system reboots and improve kernel security. Activate at:
         https://ubuntu.com/livepatch

    Last login: Mon Mar  2 22:43:23 2020 from 192.0.2.44
    milosz@development:~$

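The helper above checks only the first IPv4 address of a name and prints a traceback when resolution fails. The variant below is an added example, not the original author's script: it generalizes the check to IPv4 and IPv6, accepts several networks, and never matches on resolver or argument errors. The function names and the rule that every resolved address must fall inside a listed network are assumptions made for this example.

```python
#!/usr/bin/env python3
"""Usage: pynet.py network [network ...] hostname
Exit codes: 0 - every resolved address is inside a network, 1 - not, 2 - bad arguments
"""
import ipaddress
import socket
import sys


def resolve(hostname):
    """Return every IPv4/IPv6 address of hostname, or [] if it does not resolve."""
    try:
        infos = socket.getaddrinfo(hostname, None, type=socket.SOCK_STREAM)
    except (socket.gaierror, UnicodeError):
        return []
    # info[4][0] is the address string; drop an IPv6 zone id such as "%eth0".
    return [ipaddress.ip_address(info[4][0].split("%")[0]) for info in infos]


def host_in_networks(hostname, networks, resolver=resolve):
    """True only if hostname resolves and all of its addresses are in a network."""
    nets = [ipaddress.ip_network(n, strict=False) for n in networks]
    addresses = resolver(hostname)
    # "addr in net" is simply False when the IP versions differ.
    return bool(addresses) and all(
        any(addr in net for net in nets) for addr in addresses
    )


def main(argv):
    if len(argv) < 3:
        print(__doc__, file=sys.stderr)
        return 2
    try:
        # Same argument order as the original helper: networks first, host last.
        return 0 if host_in_networks(argv[-1], argv[1:-1]) else 1
    except ValueError as err:  # malformed network argument
        print(f"pynet: {err}", file=sys.stderr)
        return 2


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Because the argument order is unchanged, the existing Match exec line works as it is, and additional networks can be listed before %h. Any non-zero exit status, including 2, is treated by ssh as no match.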
Oh, that was fun!