reorganized ssh config

2026-02-23 16:40:50 -06:00
parent 5e8bacc0e5
commit 180cd61e30
1 changed files with 186 additions and 205 deletions
--- a/.ssh/config
+++ b/.ssh/config
@@ -1,227 +1,208 @@
-ForwardAgent yes
+# =============================================================================
-#ForwardX11 yes
+# SSH Client Configuration
-UserKnownHostsFile /dev/null
+# Managed by dotfiles_manager.sh | ~/dotfiles/.ssh/config
-StrictHostKeyChecking no
+# =============================================================================
-Protocol 2,1
+
-Compression yes
+
-KeepAlive yes
+# =============================================================================
-#ServerAliveInterval 540
+# GLOBAL DEFAULTS
-#LocalForward 57711 127.0.0.1:57711
+# Applied to every connection unless overridden by a specific Host block.
 # =============================================================================
 Host *
    AddKeysToAgent       yes
    IgnoreUnknown        UseKeychain
    UseKeychain          yes
    ForwardAgent         yes
    Compression          yes
    ServerAliveInterval  60
    ServerAliveCountMax  10
    # Disable strict host checking globally — convenient for ephemeral lab/dev hosts.
    # Override per-host below for anything production or security-sensitive.
    StrictHostKeyChecking  no
    UserKnownHostsFile     /dev/null
 # =============================================================================
 # WORK — JUMP HOSTS / DMZ
 # These are the entry points for all internal Juniper infrastructure.
 # =============================================================================
 # Primary engineering DMZ — Quincy
 Host engdmz
    HostName             qceng-dmz-01
    User                 kenjim
    DynamicForward       3130
    ServerAliveInterval  250
    Ciphers              aes256-ctr,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
    # Postgres DB forwards
    LocalForward  5430  10.47.245.65:5432              # engtech secondary
    LocalForward  5433  10.47.245.41:5432              # engtech primary
    LocalForward  5450  10.47.245.53:5432              # TIM production
    # K8 cluster API forwards
    LocalForward  8443  qnengapp1-vip.juniper.net:443  # Quincy K8
    LocalForward  9443  bnengapp1-vip.juniper.net:443  # Bangalore K8
 # Lab DMZ — TTQC
 Host labdmz
    HostName             ttqc-tim-sh01.juniper.net
    User                 kenjim
    DynamicForward       3129
    ServerAliveInterval  250
    Ciphers              aes256-ctr,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
    LocalForward  6548  etus-pgb-lrm.ttglb.juniper.net:6548   # LRM DB
 # Encrypted engineering DMZ — Quincy
 Host encdmz
    HostName             qcencl-dmz-01
    User                 kenjim
    DynamicForward       3135
    ServerAliveInterval  250
 # eVNC DMZ
 Host evncdmz
    HostName  qceng-evnc-02.juniper.net
    User      kenjim
 # =============================================================================
 # WORK — DEV / K8 MACHINES
 # =============================================================================
 # Primary dev machine — Quincy K8
 Host k
    HostName             etqc-kenjim-11.juniper.net
 #ProxyJump engdmz
    DynamicForward       3139
 # For aws S3 command
 LocalForward 8888 qnc-engdata5vs3.juniper.net:80
 # VMM Telemetry DB
 #LocalForward 5445 etus-tel-db-k8.ttglb.juniper.net:5432
 # Notification DB
 #LocalForward 5446 etus-not-db-k8.ttglb.juniper.net:5432
 # LRM Beta DB
 LocalForward 5447 engtech-lrm-snap1-qnc.engtech-pgdb-qnc.qengk8.juniper.net:5432
 # TIM-API DB
 #LocalForward 5448 engtech.timdb.qengk8.juniper.net:5432
 # Limited Use
 RemoteForward 2222 localhost:22
    ServerAliveInterval  30
    ServerAliveCountMax  20
    RemoteForward        2222 localhost:22
    LocalForward         8888 qnc-engdata5vs3.juniper.net:80                                    # S3 proxy
    LocalForward         5447 engtech-lrm-snap1-qnc.engtech-pgdb-qnc.qengk8.juniper.net:5432   # LRM Beta DB
    # ProxyJump engdmz
-Host zet
+# Previous dev machine
 HostName 172.27.0.35
 ServerAliveInterval 540
 Host kenjim-mbm
 HostName kenjim-mbm.home.arpa
 Host ktaas
 HostName kenjim-taas.qengk8.juniper.net 
 Host ttqc-shell
 HostName ttqc-shell012.juniper.net
 Host ktq
 HostName kenjim-temp.qengk8.juniper.net 
 Host ktb
 HostName kenjim-temp.bengk8.juniper.net 
 Host kold
    HostName  etqc-kenjim-01.juniper.net
 # TaaS dev machine
 Host ktaas
    HostName  kenjim-taas.qengk8.juniper.net
-# Paul's machine in labdmz
+# Temp machine — Bangalore K8
-Host p
+Host ktb
-HostName etqc-pms-02.juniper.net
+    HostName  kenjim-temp.bengk8.juniper.net
 DynamicForward 3140
-
+# Shared dev server — Quincy K8
 # Quincy K8 Dev Server
 Host k8dev
    HostName        engtech-dev-01.juniper.net
 #ProxyJump engdmz
    DynamicForward  3132
-# For aws S3 command
+    LocalForward    8889 qnc-engdata5vs3.juniper.net:80   # S3 proxy
 LocalForward 8889 qnc-engdata5vs3.juniper.net:80
 Host ttqc-shell005
 HostName ttqc-shell005
 ProxyJump engdmz
 Host router
 User root
 HostName 172.27.0.254
 Host bar
 User root
 HostName bar.kenjim.com
 DynamicForward 3128
 Port 22
 Compression yes
 ServerAliveInterval 540
 Host akira
 HostName lair.kenjim.com
 Port 11722
 #RemoteForward 11522 localhost:22
 ForwardAgent yes
 ForwardX11 yes
 Compression yes
 IdentityFile /export/kenjim/.ssh/juniper_kenjim_rsa_id
 # for VNCing to home system
 #LocalForward 55900 localhost:5900
 #LocalForward 53389 t41xp:3389
 ServerAliveInterval 540
 Host akira-mt
 HostName 172.27.0.11
 #RemoteForward 11522 localhost:22
 #ForwardAgent yes
 #ForwardX11 yes
 #Compression yes
 #IdentityFile /export/kenjim/.ssh/juniper_kenjim_rsa_id
 # for VNCing to home system
 #LocalForward 55900 localhost:5900
 #LocalForward 53389 t41xp:3389
 #ServerAliveInterval 540
 # Port forwarded through home router
 Host lair-t430-vm
 HostName lair.kenjim.com
 Port 11922
 #RemoteForward 11522 localhost:22
 ForwardAgent yes
 #ForwardX11 yes
 Compression yes
 #IdentityFile /export/kenjim/.ssh/juniper_kenjim_rsa_id
 # for VNCing to home system
 #LocalForward 55900 localhost:5900
 #LocalForward 53389 t41xp:3389
 #ServerAliveInterval 540
 # This is for connecting from kenjim-lnx
 Host mbp
 HostName 192.168.0.100
 User kenjim
 ForwardAgent yes
 # This is for connecting to mint vm on macbook fusion
 Host kenjim-vm
 HostName 192.168.168.130
 User kenjim
 ForwardAgent yes
 Host p-qnc-tt*
 User kenjim
 ServerAliveInterval 250
 Host engdmz
 User kenjim
 HostName qceng-dmz-01
 Ciphers aes256-ctr,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
 ServerAliveInterval 250
 DynamicForward 3130
 LocalForward 5433 10.47.245.41:5432
 # Engineering K8 Clusters
 LocalForward 8443 qnengapp1-vip.juniper.net:443
 LocalForward 9443 bnengapp1-vip.juniper.net:443
 LocalForward 5430 10.47.245.65:5432
 # TIM Production
 LocalForward 5450 10.47.245.53:5432
 #LocalForward 5452 etus-pgb-lrm.ttglb.juniper.net:5432
 #LocalForward 3306 engtech-metrics.juniper.net:3306
 Host encdmz
 User kenjim
 HostName qcencl-dmz-01
 ServerAliveInterval 250
 DynamicForward 3135
 Host labdmz
 User kenjim
 HostName ttqc-tim-sh01.juniper.net
 Ciphers aes256-ctr,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
 ServerAliveInterval 250
 DynamicForward 3129
 #LocalForward 22211 ttqc-tim-sh01:22
 #LocalForward 22221 ttqc-awx-01:22
 #LocalForward 22222 ttqc-awx-02:22
 #LocalForward 22231 ttqc-tim-app-01:22
 #LocalForward 22232 ttqc-tim-app-02:22
 #LocalForward 22233 ttqc-tim-app-03:22
 #LocalForward 22234 ttqc-tim-app-04:22
 #LocalForward 22235 ttqc-tim-app-05:22
 #LocalForward 22236 ttqc-tim-app-06:22
 #LocalForward 22241 ttqc-tim-utl-01:22
 #LocalForward 22242 ttqc-tim-utl-02:22
 #LocalForward 6548 etus-pgb-lrm-snap1.ttglb.juniper.net:6548
 LocalForward 6548 etus-pgb-lrm.ttglb.juniper.net:6548
 #LocalForward 5433 ttqc-testdb-01:5432
 #LocalForward 7432  p-qnc-ttdb03.juniper.net:5432
 #Host etqc-awx-ez-*
 #Compression yes
 #ServerAliveInterval 60
    # ProxyJump engdmz
-Host evncdmz
+# Shared dev server — Bangalore K8
 User kenjim
 HostName qceng-evnc-02.juniper.net
 # Bangalore K8 Dev Server
 Host k8devb
    HostName   engtech-bdev-01
    ProxyJump  engdmz
-Host etqc-pgtools-01
+
-HostName etqc-pgtools-01
+# =============================================================================
 # WORK — LAB INFRASTRUCTURE
 # =============================================================================
 # Paul's machine (via labdmz)
 Host p
    HostName        etqc-pms-02.juniper.net
    DynamicForward  3140
 # TTQC shell server
 Host ttqc-shell
    HostName  ttqc-shell012.juniper.net
 # TTQC shell server (via engdmz)
 Host ttqc-shell005
    HostName   ttqc-shell005
    ProxyJump  engdmz
-Host etbg-vmpgdb-02
+# TTQC test DB (via labdmz)
 HostName etbg-vmpgdb-02
 ProxyJump engdmz
 DynamicForward 3133
 Host etqc-tim-agt-*
 ProxyJump engdmz
 Host pfsense
 HostName 172.27.0.1
 User root
 Host ttqc-testdb-01
 #LocalForward 5433 localhost:5432
    ProxyJump  labdmz
 # DLM database host
 Host etqc-dlm-db-01
    HostName      etqc-dlm-db-01
    User          kenjim
    LocalForward  5433 localhost:5431
-Host awx-lz-01
+# TIM agent hosts — wildcard (via engdmz)
-HostName etqc-awx-lz-01
+Host etqc-tim-agt-*
    ProxyJump  engdmz
 # =============================================================================
 # HOME NETWORK  (172.27.0.0/24)
 # =============================================================================
 # Local Gitea server
 Host zet
    HostName             172.27.0.35
    ServerAliveInterval  540
 # Local home router (pfSense)
 Host pfsense
    HostName  172.27.0.1
    User      root
 # Secondary home router / gateway
 Host router
    HostName  172.27.0.254
    User      root
 # Second Mac (MacBook Mini)
 Host kenjim-mbm
    HostName  kenjim-mbm.home.arpa
 # Home server — internal LAN IP
 Host akira-mt
    HostName  172.27.0.11
 # =============================================================================
 # PERSONAL REMOTE MACHINES
 # =============================================================================
 # Primary home server — external access
 Host akira
    HostName             lair.kenjim.com
    Port                 11722
    ForwardAgent         yes
    ForwardX11           yes
    Compression          yes
    ServerAliveInterval  540
    # LocalForward 55900 localhost:5900   # VNC to home display
    # LocalForward 53389 t41xp:3389       # RDP to Windows box
 # Home server — t430 VM (port-forwarded through router)
 Host lair-t430-vm
    HostName      lair.kenjim.com
    Port          11922
    ForwardAgent  yes
    Compression   yes
 # Personal VPS / bastion
 Host bar
    HostName             bar.kenjim.com
    User                 root
    DynamicForward       3128
    Compression          yes
    ServerAliveInterval  540
 # MacBook Pro (accessed from kenjim-lnx on LAN)
 Host mbp
    HostName      192.168.0.100
    User          kenjim
    ForwardAgent  yes
 # Mint VM on MacBook (VMware Fusion)
 Host kenjim-vm
    HostName      192.168.168.130
    User          kenjim
    ForwardAgent  yes