Template and share OpenSSH ssh_config(5) files.
Project description
sedge
Template and share OpenSSH ssh_config(5) files. A preprocessor for OpenSSH configurations.
Named for the favourite food of the Western Ground Parrot. If you find this software useful, please consider donating to the effort to save this critically endangered species.
sedge is supported on macOS, Linux/BSD, and Windows.
Build status
Installation
pip3 install sedge
Usage
sedge
Usage: sedge [OPTIONS] COMMAND [ARGS]...
Template and share OpenSSH ssh_config(5) files. A preprocessor for OpenSSH
configurations.
Options:
--version Show the version and exit.
-c, --config-file TEXT
-o, --output-file TEXT
-n, --no-verify do not verify HTTPS requests
-k, --key-directory TEXT directory to scan for SSH keys
-v, --verbose
--help Show this message and exit.
Commands:
init Initialise ~./sedge/config file if none...
keys Manage ssh keys
update Update ssh config from sedge specification
Highlights
- Define classes of hosts, with inheritance
- Per-site definitions describing the hosts in a site. These definitions can imported by users
- Easily define hosts which must be accessed through one or more SSH tunnels
- Definition variables (including numeric ranges with optional increments, and sets of values)
- variable expansion within configuration
- keys can be referenced by fingerprint, and a specific key used for a given host. The base directory ~/.ssh is scanned for public/private key pairs, and the private key with a matching fingerprint is used. No need to standardise key file paths & file names when sharing configuration.
- allowing programmatic host definitions (eg. compute0, compute1, ..., compute99)
Security notes
Using @include
and shared sedge configuration files requires trust. A malicious
sedge configuration file can be used to construct an SSH configuration file
which does harmful things. Only use @include
against trusted URLs under your
control, or under the control of someone you trust.
Getting started
Sedge reads ~/.sedge/config
and uses it to generate ~/.ssh/config
.
Basic usage is simple:
$ sedge update
No output is generated if all goes well. Use the -v
flag to get
verbose output, including a diff of any changes made to your ~/.ssh/config
.
Below is an example sedge configuration file. It has the same syntax as an OpenSSH configuration file, but uses some additional keywords. Sedge keywords begin with an '@'.
# global configuration..
StrictHostKeyChecking no
# variables we wish to substitute
@set work-username percival
# key fingerprints - sedge will find the matching private key
# useful when keys are shared around, and multiple people are
# including a sedge config - no need to standardise paths / names
# for the keys
@key work-ec2 00:0a:0b:0c:0d:0e:0f:f0:0d:01:02:02:03:04:05:06
@key work-storage 3e:1a:1b:0c:0d:0e:0f:f0:0d:01:02:02:03:04:05:06
# OpenSSH 6.8 switched over to SHA256 fingerprints; we can provide both so our
# sedge configs work on machines with all OpenSSH versions
@key work-github 8e:1a:3b:0c:0d:0e:0f:f0:0d:01:02:02:03:04:05:06 SHA256:l3mMings9/oSzgKfGWq8uZE4oB+z8lLNNid/Tv51M
# define a set of host attributes
@HostAttrs trusted
ForwardAgent yes
# ... and another
@HostAttrs slow-network
Compression yes
TCPKeepAlive yes
Host headnode
@is slow-network
@identity work-ec2
HostName headnode.example.com
User <work-username>
# define hosts ceph0, ceph2, .., ceph14
@with i {0..14/2}
Host ceph<i>
@is trusted
# tunnel through 'headnode'
@via headnode
@identity work-storage
User ceph
@with i 3 5 8
Host swift<i>
@is trusted
# tunnel through 'headnode'
@via headnode
@identity work-storage
User ceph
# pull in a public sedge definition; pass this definition an argument
# in the included file arguments are defined:
# @args username
@include https://example.com/user-nodes.sedge <work-username>
# ... or we can use a file:///path
@include file:///path/to/my/file.sedge
# ... or we can use a path, in which case ~ will be expanded
@include ~/mystuff/file.sedge
Other functionality
Sedge allows you to associate names with your keys. It is helpful to list
the keys you have, and their fingerprints, so you can give them names using
the @identity
:
$ sedge list-keys
SHA256:lkfjFKJdslfjdfdkslFJKLKSjfdkjsdlfkSDJfksjdk /Users/grahame/.ssh/a-key
SHA256:ewr12913klajslakjiejrowjeroiwjJJfisjdfjsksd /Users/grahame/.ssh/another-key
If any of your keys do not have public keys alongside them (eg.
<mykey>.pub
), sedge will generate the public key file.
Sedge gives you a helpful shortcut to load all of your keys into ssh-agent
:
$ sedge add-keys
Keyword documentation
@args [arg ...]
- this keyword defines the names of variables which must
be passed if this file is included from another. Each arg
will be made
available for substitution.
@identity <keyname>
- this keyword applies to the current Host stanza.
It requires that only the key <keyname>
will be offered to log into the
host. This is useful if you are using a host such as github which has a
common user account, and identifies you based on the key offered.
@include <url> [arg ...]
- include the sedge file at <url>
. That file
may define one or more arguments with @arg
, which should be passed
through as arguments to @include
.
@is <attr>
- this keyword applies to a Host stanza. All attributes set
within the @HostAttrs
stanza with name <attr>
will be applied to the
current host.
@key <name> <fingerprint>
- this keyword applies globally, and the keys you
define are made available to files included with @include
. Your ~/.ssh/
directory will be scanned for keys matching <fingerprint>
. To find the
fingerprint for your keyfiles, run sedge list-keys
.
@set <variable> <val>
- this keyword applies globally within the current
file. The <variable>
is made available for subsitution within the file.
@via <host>
- this is a convenience keyword. It expands to a ProxyCommand
directive which allows the SSH login to bounce through <host>
.
@with <variable> [val ..]
- this keyword applies to the next Host stanza.
The <variable>
will be made available for subsitution within the stanza,
and the stanza will be repeated for each possible value of <variable>
.
Values of the format {a..b}
or {a..b/c}
are treated specially, and are
expanded to the inclusive range of integers from a
to b
with optional
step c
. If multiple @with
keywords are applied to a Host stanza, the
product of their values is used for substitution.
License
Copyright 2014-2020 Grahame Bowland.
See the included file LICENSE
for copying details.
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file sedge-2.2.6.tar.gz
.
File metadata
- Download URL: sedge-2.2.6.tar.gz
- Upload date:
- Size: 29.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.3.1 CPython/3.11.1 Darwin/22.2.0
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | abcdca96820936c0095daa389ec93d638f8db6068ddf057b689205b43fdff305 |
|
MD5 | 0254f835874bcc7421b5c63a67e25eae |
|
BLAKE2b-256 | f3d44ffd0648a2219842714d14ee1e019b37cd5e6119bd7bdc211a606ae69a24 |
File details
Details for the file sedge-2.2.6-py3-none-any.whl
.
File metadata
- Download URL: sedge-2.2.6-py3-none-any.whl
- Upload date:
- Size: 27.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.3.1 CPython/3.11.1 Darwin/22.2.0
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 5d70580e6fdcde61f72dbc35d6a93fd8017bb668e47beaa3023ec16ab9fefa3b |
|
MD5 | 26db798cda48fdad00f19fd61ffeb143 |
|
BLAKE2b-256 | 7efef0f47f3c72df892124f744975f1b038e39fe62c48057ed3faeae55f29472 |