# Content of hashar ~/.ssh/config
#
# Reading order matters: for most options ssh keeps the FIRST value it
# obtains, so specific Host blocks must come before the wildcard blocks that
# would otherwise shadow them. IdentityFile is the exception: every matching
# IdentityFile line is appended to the list of identities to try.

# Default key.
# The path names the public half (.pub). ssh_config(5) allows this when the
# matching private key is held by ssh-agent rather than stored next to it;
# presumably that is the setup here -- confirm.
# NOTE(review): this line sits outside any Host block, so it applies to every
# host. Because IdentityFile accumulates, this key is also in the identity
# list of the blocks below and is listed ahead of their dedicated keys.
# "IdentitiesOnly yes" does not exclude it, since it is a configured identity.
# If each realm is meant to see only its dedicated key, scope this default
# with negated patterns instead -- confirm the intent.
IdentityFile ~/.ssh/general_key.pub

# Production realms
Host *.wikimedia.org *.wmnet
    # Key dedicated to Wikimedia production
    IdentityFile ~/.ssh/wmf_id_rsa.pub
    # Offer only the identities configured in this file, even if the agent
    # holds additional keys.
    IdentitiesOnly yes
    # Never add host keys automatically; refuse to connect when the host key
    # is unknown or has changed.
    StrictHostKeyChecking yes
    # I fetch the list of known hosts from tin. In my bashrc:
    #
    # function update-ssh-known-hosts () {
    #     echo "Updating ssh known hosts from tin.eqiad.wmnet"
    #     scp tin.eqiad.wmnet:/etc/ssh/ssh_known_hosts ~/.ssh/known_hosts-wmf
    # }
    #
    # NOTE(review): the fetched file is only as trustworthy as the connection
    # that fetched it. tin.eqiad.wmnet matches this block, so the scp itself
    # runs with strict checking against known_hosts-wmf; the very first fetch
    # therefore needs the tin and bastion host keys to be present already
    # (verified out of band), unless a system-wide known hosts file supplies
    # them. The scp also overwrites the file in place; copying to a temporary
    # file and renaming would avoid a truncated file after a failed transfer.
    UserKnownHostsFile ~/.ssh/known_hosts-wmf
    # My laptop username differs from the remote one
    User hashar

# For wmf labs
Host *.wmflabs.org
    # Key dedicated to wmflabs
    IdentityFile ~/.ssh/labs_id_rsa.pub
    IdentitiesOnly yes
    # My laptop username differs from the remote one
    User hashar

# NOTE(review): Host patterns are matched against the name typed on the
# command line (unless CanonicalizeHostname is enabled elsewhere), so names
# ending in .wmflabs do NOT pick up the *.wmflabs.org block above. This block
# sets only the user: no dedicated labs key, no IdentitiesOnly and no
# StrictHostKeyChecking apply to *.wmflabs names, including the bastion alias
# below. Confirm that this is intended.
Host *.wmflabs
    # My laptop username differs from the remote one
    User hashar

# Create a fake host in ssh: a local alias for the labs bastion.
# This block must stay ahead of "Host *.eqiad.wmflabs": the alias matches that
# wildcard too, and "ProxyCommand none" has to be the first ProxyCommand value
# seen so that the bastion is reached directly rather than through itself.
Host bastion.eqiad.wmflabs
    # Real hostname
    Hostname bastion2.wmflabs.org
    ProxyCommand none

# Create fake local aliases for ssh, which lets me use:
#     ssh deployment-bastion.eqiad.wmflabs
# The hostname will be recognized by the labs bastion.
Host *.eqiad.wmflabs
    # Connect to the labs bastion and have it relay to whatever host I asked
    # for. -W %h:%p forwards stdin/stdout to the target host and port, so the
    # bastion only relays the TCP stream and the SSH session to the target is
    # established end to end from the laptop. -a disables agent forwarding on
    # the hop, so the agent is not exposed on the bastion.
    ProxyCommand ssh -a -W %h:%p bastion.eqiad.wmflabs

# Similar configuration for production hosts.
# gallium has a public IP but needs to be accessed via a bastion.
#
# I can do:
#     ssh mw1001.eqiad.wmnet
# ssh on my laptop will connect to bast1001 and from there ask to connect to
# mw1001.eqiad.wmnet, which is known to the DNS server there.
#
# bast1001.wikimedia.org is not matched by the patterns of this block, so the
# hop itself connects directly; it does match "*.wikimedia.org" above and so
# uses the production key, strict host key checking and known_hosts-wmf.
Host *.eqiad.wmnet people.wikimedia.org gallium.wikimedia.org
    # EQIAD bastion; same -a / -W relay as for labs
    ProxyCommand ssh -a -W %h:%p bast1001.wikimedia.org