Tip: ssh `Match exec` and config for cloud instances

If you work a lot with ephemeral instances you will eventually run into this message:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!

Today I learned about Match exec config option in ~/.ssh/config which allows you to set certain options depending on custom command results.

Since all GCE external IP’s are routed through google LB’s, which resolve to *.bc.googleusercontent.com, we can use that to our advantage to disable recording GCE instances into known_hosts by putting the following into ~/.ssh/config:

# Do not record GCE instances into known_hosts file
Match exec "nslookup %h | grep 'bc.googleusercontent.com'"
   UserKnownHostsFile none

I hope others may find this useful too!

 
0
Kudos
 
0
Kudos

Now read this

Ansible - GCP Dynamic inventory bootstrap

Ansible GCP module bootstrap # The official docs on Ansible GCP module are quite a bit confusing, so I’ve decided to publish some steps to quickly bootstrap a working environment. Main concept is that Ansible can not only use static... Continue →