# https://wikitech.wikimedia.org/wiki/Production_access#Setting_up_your_SSH_config
CanonicalizeHostname yes
# Always use root@ for mgmt ssh sessions
Match host=*.mgmt.*.wmnet
User root
# Defaults for all WMF hosts.
Match host=*.wikimedia.org,*.wmnet
ForwardAgent no
IdentitiesOnly yes
KbdInteractiveAuthentication no
# PasswordAuthentication no
User razzi
UserKnownHostsFile ~/.ssh/known_hosts.d/wmf-prod
IdentityFile ~/.ssh/id_wikimedia_prod_aug_2020
Host *
UseKeychain yes
AddKeysToAgent yes
# Configure the initial connection to the bastion host, with the one
# HostName closest to you
Host bast
HostName bast4003.wikimedia.org
IdentityFile ~/.ssh/id_wikimedia_prod_aug_2020
# Proxy all connections to internal servers through the bastion host
Host *.wmnet *.wikimedia.org !gerrit.wikimedia.org !bast*.wikimedia.org
ProxyJump bast
# razzi: can i remove this?
IdentityFile ~/.ssh/id_wikimedia_prod_aug_2020
Host *.wmflabs.org *.wmcloud.org *.toolforge.org
User razzi
Host *.wmflabs *.wikimedia.cloud
User razzi
ProxyJump bastion.wmcloud.org:22
IdentityFile ~/.ssh/id_rsa_wmf_cloud
Host gerrit.wikimedia.org
Port 29418
User razzi
IdentityFile ~/.ssh/id_rsa_wmf_cloud
# Ashburn, VA eqiad internal hosts
# e.g. ssh
Host *.e
HostName %hqiad.wmnet
Host *.c
HostName %hodfw.wmnet
Host *.w
HostName %hikimedia.org
