From 180cd61e306c127e2e1acf9dc3921f5ce5504c6e Mon Sep 17 00:00:00 2001 From: Kenji Morishige Date: Mon, 23 Feb 2026 16:40:50 -0600 Subject: [PATCH] reorganized ssh config --- .ssh/config | 391 +++++++++++++++++++++++++--------------------------- 1 file changed, 186 insertions(+), 205 deletions(-) diff --git a/.ssh/config b/.ssh/config index 9928551..b393a29 100644 --- a/.ssh/config +++ b/.ssh/config 
@@ -1,227 +1,208 @@ -ForwardAgent yes -#ForwardX11 yes -UserKnownHostsFile /dev/null -StrictHostKeyChecking no -Protocol 2,1 -Compression yes -KeepAlive yes -#ServerAliveInterval 540 -#LocalForward 57711 127.0.0.1:57711 -AddKeysToAgent yes -IgnoreUnknown UseKeychain -UseKeychain yes - -Host k -HostName etqc-kenjim-11.juniper.net -#ProxyJump engdmz -DynamicForward 3139 -# For aws S3 command -LocalForward 8888 qnc-engdata5vs3.juniper.net:80 -# VMM Telemetry DB -#LocalForward 5445 etus-tel-db-k8.ttglb.juniper.net:5432 -# Notification DB -#LocalForward 5446 etus-not-db-k8.ttglb.juniper.net:5432 -# LRM Beta DB -LocalForward 5447 engtech-lrm-snap1-qnc.engtech-pgdb-qnc.qengk8.juniper.net:5432 -# TIM-API DB -#LocalForward 5448 engtech.timdb.qengk8.juniper.net:5432 -# Limited Use -RemoteForward 2222 localhost:22 -ServerAliveInterval 30 -ServerAliveCountMax 20 - -Host zet -HostName 172.27.0.35 -ServerAliveInterval 540 - -Host kenjim-mbm -HostName kenjim-mbm.home.arpa - -Host ktaas -HostName kenjim-taas.qengk8.juniper.net - -Host ttqc-shell -HostName ttqc-shell012.juniper.net - -Host ktq -HostName kenjim-temp.qengk8.juniper.net - -Host ktb -HostName kenjim-temp.bengk8.juniper.net - -Host kold -HostName etqc-kenjim-01.juniper.net +# ============================================================================= +# SSH Client Configuration +# Managed by dotfiles_manager.sh | ~/dotfiles/.ssh/config +# ============================================================================= -# Paul's machine in labdmz -Host p -HostName etqc-pms-02.juniper.net -DynamicForward 3140 +# ============================================================================= +# GLOBAL DEFAULTS +# Applied to every connection unless overridden by a specific Host block. 
+# ============================================================================= +Host * + AddKeysToAgent yes + IgnoreUnknown UseKeychain + UseKeychain yes + ForwardAgent yes + Compression yes + ServerAliveInterval 60 + ServerAliveCountMax 10 + # Disable strict host checking globally — convenient for ephemeral lab/dev hosts. + # Override per-host below for anything production or security-sensitive. + StrictHostKeyChecking no + UserKnownHostsFile /dev/null -# Quincy K8 Dev Server -Host k8dev -HostName engtech-dev-01.juniper.net -#ProxyJump engdmz -DynamicForward 3132 -# For aws S3 command -LocalForward 8889 qnc-engdata5vs3.juniper.net:80 - -Host ttqc-shell005 -HostName ttqc-shell005 -ProxyJump engdmz - - -Host router -User root -HostName 172.27.0.254 - -Host bar -User root -HostName bar.kenjim.com -DynamicForward 3128 -Port 22 -Compression yes -ServerAliveInterval 540 - -Host akira -HostName lair.kenjim.com -Port 11722 -#RemoteForward 11522 localhost:22 -ForwardAgent yes -ForwardX11 yes -Compression yes -IdentityFile /export/kenjim/.ssh/juniper_kenjim_rsa_id -# for VNCing to home system -#LocalForward 55900 localhost:5900 -#LocalForward 53389 t41xp:3389 -ServerAliveInterval 540 - - -Host akira-mt -HostName 172.27.0.11 -#RemoteForward 11522 localhost:22 -#ForwardAgent yes -#ForwardX11 yes -#Compression yes -#IdentityFile /export/kenjim/.ssh/juniper_kenjim_rsa_id -# for VNCing to home system -#LocalForward 55900 localhost:5900 -#LocalForward 53389 t41xp:3389 -#ServerAliveInterval 540 - -# Port forwarded through home router -Host lair-t430-vm -HostName lair.kenjim.com -Port 11922 -#RemoteForward 11522 localhost:22 -ForwardAgent yes -#ForwardX11 yes -Compression yes -#IdentityFile /export/kenjim/.ssh/juniper_kenjim_rsa_id -# for VNCing to home system -#LocalForward 55900 localhost:5900 -#LocalForward 53389 t41xp:3389 -#ServerAliveInterval 540 - -# This is for connecting from kenjim-lnx -Host mbp -HostName 192.168.0.100 -User kenjim -ForwardAgent yes - -# This is for 
connecting to mint vm on macbook fusion -Host kenjim-vm -HostName 192.168.168.130 -User kenjim -ForwardAgent yes - -Host p-qnc-tt* -User kenjim -ServerAliveInterval 250 +# ============================================================================= +# WORK — JUMP HOSTS / DMZ +# These are the entry points for all internal Juniper infrastructure. +# ============================================================================= +# Primary engineering DMZ — Quincy Host engdmz -User kenjim -HostName qceng-dmz-01 -Ciphers aes256-ctr,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com -ServerAliveInterval 250 -DynamicForward 3130 -LocalForward 5433 10.47.245.41:5432 -# Engineering K8 Clusters -LocalForward 8443 qnengapp1-vip.juniper.net:443 -LocalForward 9443 bnengapp1-vip.juniper.net:443 -LocalForward 5430 10.47.245.65:5432 -# TIM Production -LocalForward 5450 10.47.245.53:5432 -#LocalForward 5452 etus-pgb-lrm.ttglb.juniper.net:5432 -#LocalForward 3306 engtech-metrics.juniper.net:3306 - -Host encdmz -User kenjim -HostName qcencl-dmz-01 -ServerAliveInterval 250 -DynamicForward 3135 + HostName qceng-dmz-01 + User kenjim + DynamicForward 3130 + ServerAliveInterval 250 + Ciphers aes256-ctr,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com + # Postgres DB forwards + LocalForward 5430 10.47.245.65:5432 # engtech secondary + LocalForward 5433 10.47.245.41:5432 # engtech primary + LocalForward 5450 10.47.245.53:5432 # TIM production + # K8 cluster API forwards + LocalForward 8443 qnengapp1-vip.juniper.net:443 # Quincy K8 + LocalForward 9443 bnengapp1-vip.juniper.net:443 # Bangalore K8 +# Lab DMZ — TTQC Host labdmz -User kenjim -HostName ttqc-tim-sh01.juniper.net -Ciphers aes256-ctr,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com -ServerAliveInterval 250 -DynamicForward 3129 -#LocalForward 22211 ttqc-tim-sh01:22 -#LocalForward 22221 
ttqc-awx-01:22 -#LocalForward 22222 ttqc-awx-02:22 -#LocalForward 22231 ttqc-tim-app-01:22 -#LocalForward 22232 ttqc-tim-app-02:22 -#LocalForward 22233 ttqc-tim-app-03:22 -#LocalForward 22234 ttqc-tim-app-04:22 -#LocalForward 22235 ttqc-tim-app-05:22 -#LocalForward 22236 ttqc-tim-app-06:22 -#LocalForward 22241 ttqc-tim-utl-01:22 -#LocalForward 22242 ttqc-tim-utl-02:22 -#LocalForward 6548 etus-pgb-lrm-snap1.ttglb.juniper.net:6548 -LocalForward 6548 etus-pgb-lrm.ttglb.juniper.net:6548 -#LocalForward 5433 ttqc-testdb-01:5432 -#LocalForward 7432 p-qnc-ttdb03.juniper.net:5432 + HostName ttqc-tim-sh01.juniper.net + User kenjim + DynamicForward 3129 + ServerAliveInterval 250 + Ciphers aes256-ctr,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com + LocalForward 6548 etus-pgb-lrm.ttglb.juniper.net:6548 # LRM DB -#Host etqc-awx-ez-* -#Compression yes -#ServerAliveInterval 60 -#ProxyJump engdmz +# Encrypted engineering DMZ — Quincy +Host encdmz + HostName qcencl-dmz-01 + User kenjim + DynamicForward 3135 + ServerAliveInterval 250 +# eVNC DMZ Host evncdmz -User kenjim -HostName qceng-evnc-02.juniper.net + HostName qceng-evnc-02.juniper.net + User kenjim -# Bangalore K8 Dev Server + +# ============================================================================= +# WORK — DEV / K8 MACHINES +# ============================================================================= + +# Primary dev machine — Quincy K8 +Host k + HostName etqc-kenjim-11.juniper.net + DynamicForward 3139 + ServerAliveInterval 30 + ServerAliveCountMax 20 + RemoteForward 2222 localhost:22 + LocalForward 8888 qnc-engdata5vs3.juniper.net:80 # S3 proxy + LocalForward 5447 engtech-lrm-snap1-qnc.engtech-pgdb-qnc.qengk8.juniper.net:5432 # LRM Beta DB + # ProxyJump engdmz + +# Previous dev machine +Host kold + HostName etqc-kenjim-01.juniper.net + +# TaaS dev machine +Host ktaas + HostName kenjim-taas.qengk8.juniper.net + +# Temp machine — Bangalore K8 +Host ktb + HostName 
kenjim-temp.bengk8.juniper.net + +# Shared dev server — Quincy K8 +Host k8dev + HostName engtech-dev-01.juniper.net + DynamicForward 3132 + LocalForward 8889 qnc-engdata5vs3.juniper.net:80 # S3 proxy + # ProxyJump engdmz + +# Shared dev server — Bangalore K8 Host k8devb -HostName engtech-bdev-01 -ProxyJump engdmz + HostName engtech-bdev-01 + ProxyJump engdmz -Host etqc-pgtools-01 -HostName etqc-pgtools-01 -ProxyJump engdmz -Host etbg-vmpgdb-02 -HostName etbg-vmpgdb-02 -ProxyJump engdmz -DynamicForward 3133 +# ============================================================================= +# WORK — LAB INFRASTRUCTURE +# ============================================================================= -Host etqc-tim-agt-* -ProxyJump engdmz +# Paul's machine (via labdmz) +Host p + HostName etqc-pms-02.juniper.net + DynamicForward 3140 -Host pfsense -HostName 172.27.0.1 -User root +# TTQC shell server +Host ttqc-shell + HostName ttqc-shell012.juniper.net +# TTQC shell server (via engdmz) +Host ttqc-shell005 + HostName ttqc-shell005 + ProxyJump engdmz + +# TTQC test DB (via labdmz) Host ttqc-testdb-01 -#LocalForward 5433 localhost:5432 -ProxyJump labdmz + ProxyJump labdmz +# DLM database host Host etqc-dlm-db-01 -HostName etqc-dlm-db-01 -User kenjim -LocalForward 5433 localhost:5431 + HostName etqc-dlm-db-01 + User kenjim + LocalForward 5433 localhost:5431 -Host awx-lz-01 -HostName etqc-awx-lz-01 +# TIM agent hosts — wildcard (via engdmz) +Host etqc-tim-agt-* + ProxyJump engdmz + + +# ============================================================================= +# HOME NETWORK (172.27.0.0/24) +# ============================================================================= + +# Local Gitea server +Host zet + HostName 172.27.0.35 + ServerAliveInterval 540 + +# Local home router (pfSense) +Host pfsense + HostName 172.27.0.1 + User root + +# Secondary home router / gateway +Host router + HostName 172.27.0.254 + User root + +# Second Mac (MacBook Mini) +Host kenjim-mbm + HostName 
kenjim-mbm.home.arpa + +# Home server — internal LAN IP +Host akira-mt + HostName 172.27.0.11 + + +# ============================================================================= +# PERSONAL REMOTE MACHINES +# ============================================================================= + +# Primary home server — external access +Host akira + HostName lair.kenjim.com + Port 11722 + ForwardAgent yes + ForwardX11 yes + Compression yes + ServerAliveInterval 540 + # LocalForward 55900 localhost:5900 # VNC to home display + # LocalForward 53389 t41xp:3389 # RDP to Windows box + +# Home server — t430 VM (port-forwarded through router) +Host lair-t430-vm + HostName lair.kenjim.com + Port 11922 + ForwardAgent yes + Compression yes + +# Personal VPS / bastion +Host bar + HostName bar.kenjim.com + User root + DynamicForward 3128 + Compression yes + ServerAliveInterval 540 + +# MacBook Pro (accessed from kenjim-lnx on LAN) +Host mbp + HostName 192.168.0.100 + User kenjim + ForwardAgent yes + +# Mint VM on MacBook (VMware Fusion) +Host kenjim-vm + HostName 192.168.168.130 + User kenjim + ForwardAgent yes \ No newline at end of file
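Review bot: The new `Host *` block sits at the top of the file, but ssh_config keeps the first value obtained for each option, so its `ServerAliveInterval 60`, `ServerAliveCountMax 10`, `StrictHostKeyChecking no` and `UserKnownHostsFile /dev/null` win over every later block. The per-host `ServerAliveInterval 250`/`540`/`30` and `ServerAliveCountMax 20` lines are now dead, and the added comment "Override per-host below" describes something that cannot work; move the `Host *` block to the end of the file so the specific blocks are read first. Once it is last, the sensitive entries (for example `engdmz`, which forwards the TIM production database, and the root logins `bar`, `pfsense` and `router`) can set `StrictHostKeyChecking yes` and `UserKnownHostsFile ~/.ssh/known_hosts`. `ForwardAgent yes` is better removed from the defaults and kept only on the hosts that need it, because a forwarded agent on a host whose key is never verified is usable by whoever answers the connection. The reorganization also drops `IdentityFile` from `akira` and removes the `ktq`, `awx-lz-01`, `etqc-pgtools-01`, `etbg-vmpgdb-02` and `p-qnc-tt*` entries, which the commit message does not mention; confirm that is intended.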