Using Expect or SSH Config to Jump Faster

Logging in to a remote server over a jump server via SSH is a monotonous routine that can come up many times during a work day. Doing it manually gets annoying over time, so I found two shortcuts to automate this tedious task.

Jump servers, a.k.a. jumpboxes, are SSH login gateways in server environments. They let users reach internal machines without exposing those machines publicly on the internet. First you log in to the jumpbox, then from the jumpbox you log in to the internal machine. What an annoying procedure, and how much valuable time wasted!

Expect

I did some research on how to jump directly over the jumpbox to a specific machine. My first solution uses the command line tool expect, which lets you script the interaction with a shell. After the script has run, it hands the shell back to the user. Customize the following to suit your needs and source it in your shell configuration:

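# Remote login name. Kept in its own variable so that sourcing this file does
# not overwrite the shell's USER environment variable.
JUMP_USER=jendrik
JUMPBOX_TEST=service-test.domain.com
JUMPBOX_PROD=service.domain.com
SPARKM1_TEST=10.0.8.62
SPARKM1_PROD=10.0.0.81

# jump JUMPBOX TARGET: start a shell, type both ssh commands into it, then hand
# control to the user. The second command is typed ahead without waiting for a
# prompt, so this relies on key-based logins that ask for nothing.
# ssh -A forwards your agent to the jumpbox so the second hop can authenticate;
# while you are connected, root on the jumpbox can use that agent too.
function jump {
  expect -c "
  spawn -noecho bash;\
  send \"ssh -A $JUMP_USER@$1\r\";\
  send \"ssh $JUMP_USER@$2\r\";\
  interact"
}

alias sparkm1prod="jump $JUMPBOX_PROD $SPARKM1_PROD"
alias sparkm1test="jump $JUMPBOX_TEST $SPARKM1_TEST"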

SSH Config

That should give you a good idea of how expect can be used. The approach is generic: once you understand how expect works, you can automate a lot of trivial shell interaction. A cleaner solution to the jumpbox problem, however, is to configure SSH itself to use the jumpboxes as proxies. Adapt the following lines to your setup and add them to /etc/ssh/ssh_config or ~/.ssh/config.

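# ssh uses the first value it finds for each option, so the address patterns of
# the two blocks must not overlap. The test range follows SPARKM1_TEST above;
# the jumpbox logins are jendrik at the jumpboxes from the expect example.
Host 10.0.8.* domain-test-euw-*
    ProxyCommand ssh -W %h:%p jendrik@service-test.domain.com
    User jendrik

Host 10.0.0.* domain-prod-euw-*
    ProxyCommand ssh -W %h:%p jendrik@service.domain.com
    User jendrik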

For more information on how to use this approach, check out the resource section below. On my work notebook, I combined the second approach with a copy of the hosts file of the internal network to autocomplete the hostnames. For an interactive selection of the host you want to jump to, use the simple but powerful peco.
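To check which jumpbox OpenSSH will actually pick for a host before relying on the config, `ssh -G` prints the resolved options without connecting. The following is an added example, not part of the original post: it reuses the post's hostnames and addresses, the function and file names (`write_cfg`, `jumpbox_for`, `overlap`, `split`) are made up here, and it also shows that an address pattern shared by both Host blocks resolves to the first block's jumpbox.

```bash
# Added example, not from the original post: ask ssh which jumpbox it would use.
# Hostnames and addresses are the post's; file and function names are made up here.

# write_cfg FILE TEST_PATTERN: write both Host blocks, using TEST_PATTERN as the
# address pattern of the test block.
write_cfg() {
  cat > "$1" <<EOF
Host $2 domain-test-euw-*
    ProxyCommand ssh -W %h:%p jendrik@service-test.domain.com
    User jendrik

Host 10.0.0.* domain-prod-euw-*
    ProxyCommand ssh -W %h:%p jendrik@service.domain.com
    User jendrik
EOF
  chmod 600 "$1"   # same mode a private ~/.ssh/config should have
}

# jumpbox_for FILE HOST: print the ProxyCommand that applies to HOST when only
# FILE is read. "ssh -G" prints the resolved options and exits without connecting.
jumpbox_for() {
  ssh -G -F "$1" "$2" | awk '$1 == "proxycommand" { sub(/^proxycommand /, ""); print }'
}

if command -v ssh >/dev/null 2>&1; then
  dir=$(mktemp -d)
  write_cfg "$dir/overlap" '10.0.0.*'   # both blocks claim 10.0.0.*
  write_cfg "$dir/split" '10.0.8.*'     # test block limited to the test range
  for cfg in overlap split; do
    for host in 10.0.8.62 10.0.0.81; do
      printf '%-8s %-10s -> %s\n' "$cfg" "$host" "$(jumpbox_for "$dir/$cfg" "$host")"
    done
  done
  rm -rf "$dir"
fi
```

An empty result means no ProxyCommand matched and ssh would try to connect to that host directly. For your real setup, `ssh -G <host> | grep -i proxycommand` runs the same check against the config files ssh normally reads.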

Resources
