# Turn CanonicalizeHostname on for Match to work below.
CanonicalizeHostname yes

# Defaults for all Wikimedia Foundation hosts.
Match host=*.wikimedia.org,*.wmnet
    ForwardAgent no
    IdentitiesOnly yes
    KbdInteractiveAuthentication no
    PasswordAuthentication no
    User hghani

# Configure the initial connection to the bastion host, with the one
# HostName closest to you.
Host bast
    HostName bast1003.wikimedia.org
    IdentityFile ~/.ssh/id_rsa
    # In theory this User line shouldn't be necessary due to the Match above,
    # but in practice it seems to be.  In any case, it doesn't hurt.
    User hghani

# Proxy all connections to internal servers through the bastion host.
Host *.wmnet *.wikimedia.org !gerrit.wikimedia.org !bast*.wikimedia.org !gitlab.wikimedia.org
    ProxyJump bast
    IdentityFile ~/.ssh/id_rsa

# Configure direct connection to the bastion hosts.
Host bast*.wikimedia.org
    IdentityFile ~/.ssh/id_rsa

Host gerrit.wikimedia.org
    Port 29418
    IdentityFile ~/.ssh/cloud.key