Jump to content

Wikimedia Release Engineering Team/Ssh config

From mediawiki.org

Here is a recommended .ssh/config divided into three sections (although this is one file):

Production Access #

[edit]

This is one that works for members of RelEng. There is also a version that is maintained by SRE and is possibly more up-to-date. See SRE's version on Wikitech 

# Wikimedia production
Host bast1003.wikimedia.org bast2001.wikimedia.org bast3002.wikimedia.org bast4002.wikimedia.org bast5001.wikimedia.org
    StrictHostKeyChecking yes
    ProxyCommand none
    ControlMaster auto
    IdentitiesOnly yes

Host *.wikimedia.org !gerrit.wikimedia.org !git-ssh.wikimedia.org
    User your_username_here
    StrictHostKeyChecking yes
    IdentitiesOnly yes
    IdentityFile ~/.ssh/id_ed25519.wmfprod
    UserKnownHostsFile ~/.ssh/known-hosts.d/wmf-prod
    ProxyCommand ssh -a -W %h:%p bast1002.wikimedia.org

Host *.wmnet
    User your_username_here
    StrictHostKeyChecking yes
    IdentitiesOnly yes
    IdentityFile ~/.ssh/id_ed25519.wmfprod
    UserKnownHostsFile ~/.ssh/known_hosts.d/wmf-prod

Host *.eqiad.wmnet
    ProxyCommand ssh -a -W %h:%p bast1003.wikimedia.org

Host *.codfw.wmnet
    ProxyCommand ssh -a -W %h:%p bast2002.wikimedia.org

Host *.esams.wmnet
    ProxyCommand ssh -a -W %h:%p bast3002.wikimedia.org

Host *.ulsfo.wmnet
    ProxyCommand ssh -a -W %h:%p bast4002.wikimedia.org

Host *.eqsin.wmnet
    ProxyCommand ssh -a -W %h:%p bast5001.wikimedia.org

Gerrit Access #

[edit]
# Gerrit
Host gerrit.wikimedia.org
    User your_username_here
    StrictHostKeyChecking yes
    ProxyCommand none
    IdentitiesOnly yes
    IdentityFile ~/.ssh/id_ed25519.wmfdev
    UserKnownHostsFile ~/.ssh/known_hosts.d/wmf-dev

Wikimedia Developer Account /WMCS/Toolforge Access #

[edit]
# WMCS
Host bastwmcs
    Hostname primary.bastion.wmflabs.org
    StrictHostKeyChecking yes
    ProxyCommand none
    ControlMaster auto
    IdentitiesOnly yes
    IdentityFile ~/.ssh/id_ed25519.wmfdev
    UserKnownHostsFile ~/.ssh/known_hosts.d/wmf-dev

Host *.wmflabs *.wikimedia.cloud
    IdentityFile ~/.ssh/id_ed25519.wmfdev
    IdentitiesOnly yes
    ProxyCommand ssh -a -W %h:%p bastwmcs

Host deployment-* !deployment-*.wmflabs !deployment-*.wikimedia.cloud
    Hostname %h.deployment-prep.eqiad1.wikimedia.cloud
    IdentityFile ~/.ssh/id_ed25519.wmfdev
    UserKnownHostsFile ~/.ssh/known-hosts.d/wmf-wmcs-deployment-prep
    ProxyCommand ssh -a -W %h:%p bastwmcs

Host integration-* !integration-*.wmflabs
    Hostname %h.integration.eqiad1.wikimedia.cloud
    IdentityFile ~/.ssh/id_ed25519.wmfdev
    UserKnownHostsFile ~/.ssh/known-hosts.d/wmf-wmcs-integration
    ProxyCommand ssh -a -W %h:%p bastwmcs

Host *.tools.wmflabs.org
    IdentityFile ~/.ssh/id_ed25519.wmfdev

Host toolforge
    Hostname tools-login.wmflabs.org
    IdentityFile ~/.ssh/id_ed25519.wmfdev
    ProxyCommand ssh -a -W %h:%p login.tools.wmflabs.org
Retrieved from "https://www.mediawiki.org/w/index.php?title=Wikimedia_Release_Engineering_Team/Ssh_config&oldid=5071124"