Tip: ssh `Match exec` and config for cloud instances

If you work a lot with ephemeral instances you will eventually run into this message:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!

Today I learned about Match exec config option in ~/.ssh/config which allows you to set certain options depending on custom command results.

Since all GCE external IP’s are routed through google LB’s, which resolve to *.bc.googleusercontent.com, we can use that to our advantage to disable recording GCE instances into known_hosts by putting the following into ~/.ssh/config:

# Do not record GCE instances into known_hosts file
Match exec "nslookup %h | grep 'bc.googleusercontent.com'"
   UserKnownHostsFile none

I hope others may find this useful too!

 
0
Kudos
 
0
Kudos

Now read this

Ansible  -  GCP dynamic inventory 2.0

The GCP module for Ansible has recently been updated to not rely on libcloud but the docs still continue to be slightly confusing, so I’m publishing a new article on how to set up Ansible GCP dynamic inventory. As last time this assumes... Continue →