Extends

In the following example, the Extends directive tells the older_ciscos group to inherit its base config from the plain ciscos group.

The Ciphers option is then overridden, and the group supplies its own host list: a wildcard pattern, es*.office.adm, plus the core router, cr1.office2.adm.

This lets us inherit the bulk of the options while replacing the cipher list with one these older devices actually support.

The repetition in the plain SSH config needed to do this is ungainly. Or to put it more bluntly, a pain in the arse to manage.

---
# Base group: SSH client options shared by the Cisco devices listed under
# Hosts. The algorithms below are legacy ones that recent OpenSSH clients no
# longer enable by default, so keep them scoped to these hosts only.
ciscos:
  Config:
    # No leading '+': in ssh_config this list replaces the client's default
    # cipher list instead of adding to it.
    Ciphers: aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
    # Leading '+' appends to the client's default key-exchange list.
    # diffie-hellman-group1-sha1 is a 1024-bit group hashed with SHA-1; enable
    # it only for devices that offer nothing stronger.
    KexAlgorithms: +diffie-hellman-group1-sha1
    # No leading '+': only RSA/SHA-1 (ssh-rsa) and DSA (ssh-dss) host key
    # signatures are accepted from these hosts.
    HostKeyAlgorithms: ssh-rsa,ssh-dss
    # Quoted so YAML keeps the string "no" rather than a boolean; the
    # generated config shows it emitted as the literal word no.
    # With public-key authentication off, ssh has to use another method for
    # these hosts (presumably password or keyboard-interactive; confirm).
    PubkeyAuthentication: "no"
  Hosts:
    # Wildcard patterns and literal host names can be mixed in one list.
    - oldas*.adm
    - oldcs*.adm
    - cs1.office.adm
    - cs2.office.adm
    - ms1.office.adm
    - as1.office.adm
    - as2.office.adm
    - as3.office.adm
    - as4.office.adm
    - ps1.office.adm
    - ps2.office.adm

# Derived group: takes its Config from ciscos through Extends, then overrides
# individual options.
older_ciscos:
  Extends: ciscos
  Config:
    # Replaces the inherited Ciphers value with a CBC-only list. In the
    # generated config the other three options keep the ciscos values.
    Ciphers: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
  # The host list is this group's own: in the generated config only these two
  # entries appear under older_ciscos, so Hosts is not inherited from ciscos.
  Hosts:
    - es*.office.adm
    - cr1.office2.adm

This will produce this config:

# ciscos
# NOTE(review): the NOTE(review) lines are annotations, not generator output.
# NOTE(review): one Host stanza per entry in the ciscos Hosts list, each
# repeating the group's four Config options. Wildcard patterns (oldas*.adm,
# oldcs*.adm) carry no HostName line; literal names get HostName set to the
# same name.
# NOTE(review): ssh takes the first value it obtains for each option, so these
# stanzas must stay ahead of the catch-all "Host *" block to take effect.
# NOTE(review): diffie-hellman-group1-sha1, ssh-dss and 3des-cbc are legacy
# algorithms; keep them in per-device stanzas like these, never under "Host *".
Host oldas*.adm
    Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
    KexAlgorithms +diffie-hellman-group1-sha1
    HostKeyAlgorithms ssh-rsa,ssh-dss
    PubkeyAuthentication no

Host oldcs*.adm
    Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
    KexAlgorithms +diffie-hellman-group1-sha1
    HostKeyAlgorithms ssh-rsa,ssh-dss
    PubkeyAuthentication no

Host cs1.office.adm
    Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
    KexAlgorithms +diffie-hellman-group1-sha1
    HostKeyAlgorithms ssh-rsa,ssh-dss
    PubkeyAuthentication no
    HostName cs1.office.adm

Host cs2.office.adm
    Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
    KexAlgorithms +diffie-hellman-group1-sha1
    HostKeyAlgorithms ssh-rsa,ssh-dss
    PubkeyAuthentication no
    HostName cs2.office.adm

Host ms1.office.adm
    Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
    KexAlgorithms +diffie-hellman-group1-sha1
    HostKeyAlgorithms ssh-rsa,ssh-dss
    PubkeyAuthentication no
    HostName ms1.office.adm

Host as1.office.adm
    Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
    KexAlgorithms +diffie-hellman-group1-sha1
    HostKeyAlgorithms ssh-rsa,ssh-dss
    PubkeyAuthentication no
    HostName as1.office.adm

Host as2.office.adm
    Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
    KexAlgorithms +diffie-hellman-group1-sha1
    HostKeyAlgorithms ssh-rsa,ssh-dss
    PubkeyAuthentication no
    HostName as2.office.adm

Host as3.office.adm
    Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
    KexAlgorithms +diffie-hellman-group1-sha1
    HostKeyAlgorithms ssh-rsa,ssh-dss
    PubkeyAuthentication no
    HostName as3.office.adm

Host as4.office.adm
    Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
    KexAlgorithms +diffie-hellman-group1-sha1
    HostKeyAlgorithms ssh-rsa,ssh-dss
    PubkeyAuthentication no
    HostName as4.office.adm

Host ps1.office.adm
    Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
    KexAlgorithms +diffie-hellman-group1-sha1
    HostKeyAlgorithms ssh-rsa,ssh-dss
    PubkeyAuthentication no
    HostName ps1.office.adm

Host ps2.office.adm
    Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
    KexAlgorithms +diffie-hellman-group1-sha1
    HostKeyAlgorithms ssh-rsa,ssh-dss
    PubkeyAuthentication no
    HostName ps2.office.adm

# older_ciscos
# NOTE(review): the NOTE(review) lines are annotations, not generator output.
# NOTE(review): Ciphers is the older_ciscos override, a CBC-only list with no
# CTR cipher. KexAlgorithms, HostKeyAlgorithms and PubkeyAuthentication are the
# values inherited from the ciscos group through Extends.
# NOTE(review): es*.office.adm applies these legacy settings to every host name
# matching the pattern, so keep the pattern as narrow as the device naming
# scheme allows.
Host es*.office.adm
    Ciphers aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
    KexAlgorithms +diffie-hellman-group1-sha1
    HostKeyAlgorithms ssh-rsa,ssh-dss
    PubkeyAuthentication no

Host cr1.office2.adm
    Ciphers aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
    KexAlgorithms +diffie-hellman-group1-sha1
    HostKeyAlgorithms ssh-rsa,ssh-dss
    PubkeyAuthentication no
    HostName cr1.office2.adm

Host *