reorganized ssh config

2026-02-23 16:40:50 -06:00
parent 5e8bacc0e5
commit 180cd61e30
1 changed files with 186 additions and 205 deletions
--- a/.ssh/config
+++ b/.ssh/config
@@ -1,227 +1,208 @@
-ForwardAgent yes
-#ForwardX11 yes
-UserKnownHostsFile /dev/null
-StrictHostKeyChecking no
-Protocol 2,1
-Compression yes
-KeepAlive yes
-#ServerAliveInterval 540
-#LocalForward 57711 127.0.0.1:57711
+# =============================================================================
+# SSH Client Configuration
+# Managed by dotfiles_manager.sh | ~/dotfiles/.ssh/config
+# =============================================================================
+
+
+# =============================================================================
+# GLOBAL DEFAULTS
+# Applied to every connection unless overridden by a specific Host block.
+# =============================================================================
+Host *
    AddKeysToAgent       yes
    IgnoreUnknown        UseKeychain
    UseKeychain          yes
+    ForwardAgent         yes
+    Compression          yes
+    ServerAliveInterval  60
+    ServerAliveCountMax  10
+    # Disable strict host checking globally — convenient for ephemeral lab/dev hosts.
+    # Override per-host below for anything production or security-sensitive.
+    StrictHostKeyChecking  no
+    UserKnownHostsFile     /dev/null

+
+# =============================================================================
+# WORK — JUMP HOSTS / DMZ
+# These are the entry points for all internal Juniper infrastructure.
+# =============================================================================
+
+# Primary engineering DMZ — Quincy
+Host engdmz
+    HostName             qceng-dmz-01
+    User                 kenjim
+    DynamicForward       3130
+    ServerAliveInterval  250
+    Ciphers              aes256-ctr,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
+    # Postgres DB forwards
+    LocalForward  5430  10.47.245.65:5432              # engtech secondary
+    LocalForward  5433  10.47.245.41:5432              # engtech primary
+    LocalForward  5450  10.47.245.53:5432              # TIM production
+    # K8 cluster API forwards
+    LocalForward  8443  qnengapp1-vip.juniper.net:443  # Quincy K8
+    LocalForward  9443  bnengapp1-vip.juniper.net:443  # Bangalore K8
+
+# Lab DMZ — TTQC
+Host labdmz
+    HostName             ttqc-tim-sh01.juniper.net
+    User                 kenjim
+    DynamicForward       3129
+    ServerAliveInterval  250
+    Ciphers              aes256-ctr,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
+    LocalForward  6548  etus-pgb-lrm.ttglb.juniper.net:6548   # LRM DB
+
+# Encrypted engineering DMZ — Quincy
+Host encdmz
+    HostName             qcencl-dmz-01
+    User                 kenjim
+    DynamicForward       3135
+    ServerAliveInterval  250
+
+# eVNC DMZ
+Host evncdmz
+    HostName  qceng-evnc-02.juniper.net
+    User      kenjim
+
+
+# =============================================================================
+# WORK — DEV / K8 MACHINES
+# =============================================================================
+
+# Primary dev machine — Quincy K8
 Host k
    HostName             etqc-kenjim-11.juniper.net
-#ProxyJump engdmz
    DynamicForward       3139
-# For aws S3 command
-LocalForward 8888 qnc-engdata5vs3.juniper.net:80
-# VMM Telemetry DB
-#LocalForward 5445 etus-tel-db-k8.ttglb.juniper.net:5432
-# Notification DB
-#LocalForward 5446 etus-not-db-k8.ttglb.juniper.net:5432
-# LRM Beta DB
-LocalForward 5447 engtech-lrm-snap1-qnc.engtech-pgdb-qnc.qengk8.juniper.net:5432
-# TIM-API DB
-#LocalForward 5448 engtech.timdb.qengk8.juniper.net:5432
-# Limited Use
-RemoteForward 2222 localhost:22
    ServerAliveInterval  30
    ServerAliveCountMax  20
+    RemoteForward        2222 localhost:22
+    LocalForward         8888 qnc-engdata5vs3.juniper.net:80                                    # S3 proxy
+    LocalForward         5447 engtech-lrm-snap1-qnc.engtech-pgdb-qnc.qengk8.juniper.net:5432   # LRM Beta DB
+    # ProxyJump engdmz

-Host zet
-HostName 172.27.0.35
-ServerAliveInterval 540
-
-Host kenjim-mbm
-HostName kenjim-mbm.home.arpa
-
-Host ktaas
-HostName kenjim-taas.qengk8.juniper.net 
-
-Host ttqc-shell
-HostName ttqc-shell012.juniper.net
-
-Host ktq
-HostName kenjim-temp.qengk8.juniper.net 
-
-Host ktb
-HostName kenjim-temp.bengk8.juniper.net 
-
+# Previous dev machine
 Host kold
    HostName  etqc-kenjim-01.juniper.net

+# TaaS dev machine
+Host ktaas
+    HostName  kenjim-taas.qengk8.juniper.net

-# Paul's machine in labdmz
-Host p
-HostName etqc-pms-02.juniper.net
-DynamicForward 3140
+# Temp machine — Bangalore K8
+Host ktb
+    HostName  kenjim-temp.bengk8.juniper.net

-
-# Quincy K8 Dev Server
+# Shared dev server — Quincy K8
 Host k8dev
    HostName        engtech-dev-01.juniper.net
-#ProxyJump engdmz
    DynamicForward  3132
-# For aws S3 command
-LocalForward 8889 qnc-engdata5vs3.juniper.net:80
-
-Host ttqc-shell005
-HostName ttqc-shell005
-ProxyJump engdmz
-
-
-Host router
-User root
-HostName 172.27.0.254
-
-Host bar
-User root
-HostName bar.kenjim.com
-DynamicForward 3128
-Port 22
-Compression yes
-ServerAliveInterval 540
-
-Host akira
-HostName lair.kenjim.com
-Port 11722
-#RemoteForward 11522 localhost:22
-ForwardAgent yes
-ForwardX11 yes
-Compression yes
-IdentityFile /export/kenjim/.ssh/juniper_kenjim_rsa_id
-# for VNCing to home system
-#LocalForward 55900 localhost:5900
-#LocalForward 53389 t41xp:3389
-ServerAliveInterval 540
-
-
-Host akira-mt
-HostName 172.27.0.11
-#RemoteForward 11522 localhost:22
-#ForwardAgent yes
-#ForwardX11 yes
-#Compression yes
-#IdentityFile /export/kenjim/.ssh/juniper_kenjim_rsa_id
-# for VNCing to home system
-#LocalForward 55900 localhost:5900
-#LocalForward 53389 t41xp:3389
-#ServerAliveInterval 540
-
-# Port forwarded through home router
-Host lair-t430-vm
-HostName lair.kenjim.com
-Port 11922
-#RemoteForward 11522 localhost:22
-ForwardAgent yes
-#ForwardX11 yes
-Compression yes
-#IdentityFile /export/kenjim/.ssh/juniper_kenjim_rsa_id
-# for VNCing to home system
-#LocalForward 55900 localhost:5900
-#LocalForward 53389 t41xp:3389
-#ServerAliveInterval 540
-
-# This is for connecting from kenjim-lnx
-Host mbp
-HostName 192.168.0.100
-User kenjim
-ForwardAgent yes
-
-# This is for connecting to mint vm on macbook fusion
-Host kenjim-vm
-HostName 192.168.168.130
-User kenjim
-ForwardAgent yes
-
-Host p-qnc-tt*
-User kenjim
-ServerAliveInterval 250
-
-Host engdmz
-User kenjim
-HostName qceng-dmz-01
-Ciphers aes256-ctr,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
-ServerAliveInterval 250
-DynamicForward 3130
-LocalForward 5433 10.47.245.41:5432
-# Engineering K8 Clusters
-LocalForward 8443 qnengapp1-vip.juniper.net:443
-LocalForward 9443 bnengapp1-vip.juniper.net:443
-LocalForward 5430 10.47.245.65:5432
-# TIM Production
-LocalForward 5450 10.47.245.53:5432
-#LocalForward 5452 etus-pgb-lrm.ttglb.juniper.net:5432
-#LocalForward 3306 engtech-metrics.juniper.net:3306
-
-Host encdmz
-User kenjim
-HostName qcencl-dmz-01
-ServerAliveInterval 250
-DynamicForward 3135
-
-Host labdmz
-User kenjim
-HostName ttqc-tim-sh01.juniper.net
-Ciphers aes256-ctr,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
-ServerAliveInterval 250
-DynamicForward 3129
-#LocalForward 22211 ttqc-tim-sh01:22
-#LocalForward 22221 ttqc-awx-01:22
-#LocalForward 22222 ttqc-awx-02:22
-#LocalForward 22231 ttqc-tim-app-01:22
-#LocalForward 22232 ttqc-tim-app-02:22
-#LocalForward 22233 ttqc-tim-app-03:22
-#LocalForward 22234 ttqc-tim-app-04:22
-#LocalForward 22235 ttqc-tim-app-05:22
-#LocalForward 22236 ttqc-tim-app-06:22
-#LocalForward 22241 ttqc-tim-utl-01:22
-#LocalForward 22242 ttqc-tim-utl-02:22
-#LocalForward 6548 etus-pgb-lrm-snap1.ttglb.juniper.net:6548
-LocalForward 6548 etus-pgb-lrm.ttglb.juniper.net:6548
-#LocalForward 5433 ttqc-testdb-01:5432
-#LocalForward 7432  p-qnc-ttdb03.juniper.net:5432
-
-#Host etqc-awx-ez-*
-#Compression yes
-#ServerAliveInterval 60
+    LocalForward    8889 qnc-engdata5vs3.juniper.net:80   # S3 proxy
    # ProxyJump engdmz

-Host evncdmz
-User kenjim
-HostName qceng-evnc-02.juniper.net
-
-# Bangalore K8 Dev Server
+# Shared dev server — Bangalore K8
 Host k8devb
    HostName   engtech-bdev-01
    ProxyJump  engdmz

-Host etqc-pgtools-01
-HostName etqc-pgtools-01
+
+# =============================================================================
+# WORK — LAB INFRASTRUCTURE
+# =============================================================================
+
+# Paul's machine (via labdmz)
+Host p
+    HostName        etqc-pms-02.juniper.net
+    DynamicForward  3140
+
+# TTQC shell server
+Host ttqc-shell
+    HostName  ttqc-shell012.juniper.net
+
+# TTQC shell server (via engdmz)
+Host ttqc-shell005
+    HostName   ttqc-shell005
    ProxyJump  engdmz

-Host etbg-vmpgdb-02
-HostName etbg-vmpgdb-02
-ProxyJump engdmz
-DynamicForward 3133
-
-Host etqc-tim-agt-*
-ProxyJump engdmz
-
-Host pfsense
-HostName 172.27.0.1
-User root
-
+# TTQC test DB (via labdmz)
 Host ttqc-testdb-01
-#LocalForward 5433 localhost:5432
    ProxyJump  labdmz

+# DLM database host
 Host etqc-dlm-db-01
    HostName      etqc-dlm-db-01
    User          kenjim
    LocalForward  5433 localhost:5431

-Host awx-lz-01
-HostName etqc-awx-lz-01
+# TIM agent hosts — wildcard (via engdmz)
+Host etqc-tim-agt-*
+    ProxyJump  engdmz
+
+
+# =============================================================================
+# HOME NETWORK  (172.27.0.0/24)
+# =============================================================================
+
+# Local Gitea server
+Host zet
+    HostName             172.27.0.35
+    ServerAliveInterval  540
+
+# Local home router (pfSense)
+Host pfsense
+    HostName  172.27.0.1
+    User      root
+
+# Secondary home router / gateway
+Host router
+    HostName  172.27.0.254
+    User      root
+
+# Second Mac (MacBook Mini)
+Host kenjim-mbm
+    HostName  kenjim-mbm.home.arpa
+
+# Home server — internal LAN IP
+Host akira-mt
+    HostName  172.27.0.11
+
+
+# =============================================================================
+# PERSONAL REMOTE MACHINES
+# =============================================================================
+
+# Primary home server — external access
+Host akira
+    HostName             lair.kenjim.com
+    Port                 11722
+    ForwardAgent         yes
+    ForwardX11           yes
+    Compression          yes
+    ServerAliveInterval  540
+    # LocalForward 55900 localhost:5900   # VNC to home display
+    # LocalForward 53389 t41xp:3389       # RDP to Windows box
+
+# Home server — t430 VM (port-forwarded through router)
+Host lair-t430-vm
+    HostName      lair.kenjim.com
+    Port          11922
+    ForwardAgent  yes
+    Compression   yes
+
+# Personal VPS / bastion
+Host bar
+    HostName             bar.kenjim.com
+    User                 root
+    DynamicForward       3128
+    Compression          yes
+    ServerAliveInterval  540
+
+# MacBook Pro (accessed from kenjim-lnx on LAN)
+Host mbp
+    HostName      192.168.0.100
+    User          kenjim
+    ForwardAgent  yes
+
+# Mint VM on MacBook (VMware Fusion)
+Host kenjim-vm
+    HostName      192.168.168.130
+    User          kenjim
+    ForwardAgent  yes