Home Posts Notes Now

SSH configuration

Jump boxes

My Raspberry PI is part of my tailnet. I wanted to use it as a jump box to connect to some other Tailscale hosts from machines that aren't part of the tailnet. This can be configured by editing ~/.ssh/config (see this link for more details):

1Host *
2 ServerAliveInterval 60
4Host raspberrypi
5 HostName
6 User mario
8Host remote-host
9 HostName remote-host.domain.com
10 ProxyCommand ssh -W %h:%p raspberrypi

This works even better if I use key-based authentication.

In ~/.ssh/config I can tell where the keys are:

1Host *
2 AddKeysToAgent yes
3 UseKeychain yes
4 IdentityFile ~/.ssh/id_ed25519

and then tell the Raspberry PI to trust it via cat ~/.ssh/id_ed25519.pub | ssh username@remote_host "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

ssh-agent forwarding

I use a Debian VM for development (via Visual Studio Code Remote - SSH). This configuration works well to forward the SSH agent and to share the SSH connection across multiple sessions.

1Host debian
2 User mario
3 HostName
4 ForwardAgent yes
5 IdentityFile ~/.ssh/id_ed25519
6 ControlMaster auto
7 ControlPath ~/.ssh/sockets/%r@%h-%p
8 ControlPersist 600

Forwarding can be setup also this way:

Thanks for reading. Feel free to reach out for any comment or question.