ssh_config_example
# ========================================
# Exemple de configuration SSH ~/.ssh/config
# Auteur: NDXDev@gmail.com
# ========================================
#
# Instructions:
# 1. Copiez ce fichier dans ~/.ssh/config
# 2. Adaptez les valeurs à vos besoins
# 3. Permissions: chmod 600 ~/.ssh/config
#
# ========================================
# ----------------------------------------
# Configuration GLOBALE pour tous les hôtes
# ----------------------------------------
# Global defaults applied to every host.
# NOTE(review): ssh_config keeps the FIRST value it obtains for each keyword.
# Because this "Host *" stanza is the first one in the file, every option set
# here wins over the same keyword in the host-specific stanzas below (for
# example the later per-host StrictHostKeyChecking, ServerAliveInterval and
# Compression lines have no effect). Keep host-specific stanzas first and put
# this stanza at the end of the file if those overrides are meant to apply.
Host *
# Connection: give up after 10 s; probe an idle session every 60 s and
# disconnect after 3 unanswered probes.
ConnectTimeout 10
ServerAliveInterval 60
ServerAliveCountMax 3
TCPKeepAlive yes
# Security
# Offer only the keys named by IdentityFile, not every key held by the agent.
IdentitiesOnly yes
# Prompt before trusting an unknown host key; a changed key is refused.
StrictHostKeyChecking ask
# Store host names hashed in known_hosts so the file does not list the hosts
# you connect to in clear text.
HashKnownHosts yes
# Performance
Compression yes
# Connection multiplexing: the first session to a host becomes the master and
# stays open in the background for 4 hours after the last session closes.
# Any local process that can open the control socket gets a new session on that
# host without authenticating again, so keep ~/.ssh/sockets readable by its
# owner only (mode 700) and consider a shorter ControlPersist on shared machines.
ControlMaster auto
ControlPath ~/.ssh/sockets/%r@%h-%p
ControlPersist 4h
# SSH agent: a key is added to the running agent the first time it is used and
# stays loaded afterwards.
AddKeysToAgent yes
# Avoid connection problems
IPQoS throughput
# ----------------------------------------
# SERVEURS DE PRODUCTION
# ----------------------------------------
# Production hosts: SSH on the non-default port 2222.
# NOTE(review): the three accounts (admin, webmaster, dba) share the single key
# ~/.ssh/id_ed25519_prod, so losing that key exposes all of them; consider one
# key per role.
Host prod
HostName production.exemple.com
User admin
Port 2222
IdentityFile ~/.ssh/id_ed25519_prod
# Agent forwarding stays off: the production host never gets access to the
# local agent.
ForwardAgent no
LogLevel INFO
Host prod-web
HostName web.prod.exemple.com
User webmaster
Port 2222
IdentityFile ~/.ssh/id_ed25519_prod
# Local ports 8080/8443 reach ports 80/443 on the server itself ("localhost"
# is resolved on the remote side). Local port 8080 is also used by the "pi"
# stanza, so the two cannot be open at the same time.
LocalForward 8080 localhost:80
LocalForward 8443 localhost:443
Host prod-db
HostName db.prod.exemple.com
User dba
Port 2222
IdentityFile ~/.ssh/id_ed25519_prod
# Local port 3306 reaches the database listening on the server's loopback.
# The "tunnel-mysql" stanza binds the same local port.
LocalForward 3306 localhost:3306
# ----------------------------------------
# SERVEURS DE DÉVELOPPEMENT
# ----------------------------------------
# Development and staging hosts.
Host dev
HostName dev.exemple.com
User developer
Port 22
IdentityFile ~/.ssh/id_ed25519_dev
# NOTE(review): with agent forwarding on, anyone with root (or the same user)
# on the development host can use the forwarded agent to authenticate as you
# to other systems for as long as the session lasts. Prefer ProxyJump for
# hopping through this host, and enable forwarding only when it is required.
ForwardAgent yes
# Same value as the global "Host *" stanza; redundant here.
Compression yes
Host staging
HostName staging.exemple.com
User deploy
Port 22
IdentityFile ~/.ssh/id_ed25519_staging
# ----------------------------------------
# SERVEURS LOCAUX / HOMELAB
# ----------------------------------------
# Hosts on the local network (private 192.168.1.x addresses).
Host pi
HostName 192.168.1.100
User pi
Port 22
IdentityFile ~/.ssh/id_ed25519_pi
# Local port 8080 reaches port 80 on the Pi; the "prod-web" stanza binds the
# same local port.
LocalForward 8080 localhost:80
Host nas
HostName 192.168.1.50
User admin
Port 22
# "nas" and "home-server" share this key.
IdentityFile ~/.ssh/id_ed25519_local
Host home-server
HostName 192.168.1.10
User homeuser
Port 22
IdentityFile ~/.ssh/id_ed25519_local
# Opens a SOCKS proxy on local port 1080; traffic sent to it leaves from
# home-server. The "proxy-socks" stanza binds the same local port.
DynamicForward 1080
# ----------------------------------------
# GIT PROVIDERS
# ----------------------------------------
# Main GitHub account: used for remotes that name github.com directly.
Host github.com
HostName github.com
User git
IdentityFile ~/.ssh/github_ed25519
# Same value as the global "Host *" stanza; it keeps a single key per account,
# which is what lets the aliases below select different GitHub accounts.
IdentitiesOnly yes
# GitHub - personal account. Selected by using the alias as the host part of
# the remote URL, e.g. git@github-perso:OWNER/REPO.git (OWNER/REPO are
# placeholders).
Host github-perso
HostName github.com
User git
IdentityFile ~/.ssh/id_ed25519_github_perso
# GitHub - work account, selected the same way through the alias.
Host github-travail
HostName github.com
User git
IdentityFile ~/.ssh/id_ed25519_github_travail
# GitLab
Host gitlab.com
HostName gitlab.com
User git
IdentityFile ~/.ssh/gitlab_ed25519
IdentitiesOnly yes
# Bitbucket
Host bitbucket.org
HostName bitbucket.org
User git
IdentityFile ~/.ssh/bitbucket_ed25519
IdentitiesOnly yes
# Self-hosted GitLab, SSH on port 2222
Host gitlab-perso
HostName git.mondomaine.com
User git
Port 2222
IdentityFile ~/.ssh/gitlab_selfhosted_ed25519
# ----------------------------------------
# VPS / CLOUD PROVIDERS
# ----------------------------------------
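# AWS EC2 instance (replace the XX placeholders with the instance's public DNS
# name).
Host aws-web
HostName ec2-XX-XX-XX-XX.compute.amazonaws.com
User ec2-user
IdentityFile ~/.ssh/aws_web.pem
# Was "StrictHostKeyChecking no", which adds new host keys without asking and
# lets connections to hosts whose key has CHANGED proceed (with some
# restrictions), removing the protection against a machine-in-the-middle.
# "accept-new" (OpenSSH 7.6 and later) still records a first-seen key
# automatically but refuses a key that has changed.
# NOTE(review): the "Host *" stanza at the top of this file already sets
# StrictHostKeyChecking ask and ssh keeps the first value obtained, so this
# line only takes effect if the global stanza is moved below it.
StrictHostKeyChecking accept-new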
# Azure virtual machine
Host azure-vm
HostName monvm.cloudapp.azure.com
User azureuser
IdentityFile ~/.ssh/azure_key
# DigitalOcean droplet
# NOTE(review): this logs in directly as root. Where the image allows it,
# prefer an unprivileged account plus sudo so that actions stay attributable
# and a stolen key does not grant root immediately.
Host do-droplet
HostName droplet.digitalocean.com
User root
Port 22
IdentityFile ~/.ssh/digitalocean_ed25519
# ----------------------------------------
# JUMP HOSTS (Bastions)
# ----------------------------------------
# Bastion (jump host) reachable from outside.
Host bastion
HostName bastion.exemple.com
User jumpuser
Port 2222
IdentityFile ~/.ssh/bastion_key
# Agent forwarding stays off: with ProxyJump the bastion only relays the
# connection, and authentication to the inner host happens from the client, so
# no key or agent has to be exposed on the bastion.
ForwardAgent no
# Server behind the bastion
Host serveur-interne
HostName 10.0.0.50
User internal
Port 22
IdentityFile ~/.ssh/internal_key
ProxyJump bastion
# Chain of bastions: hops are traversed in the listed order, bastion first,
# then serveur-interne.
# No IdentityFile is set here, so ssh falls back to its default identity files.
Host serveur-tres-interne
HostName 10.10.0.100
User veryinternal
ProxyJump bastion,serveur-interne
# ----------------------------------------
# TUNNELING ET PORT FORWARDING
# ----------------------------------------
# Database tunnel: local port 3306 reaches MySQL on the server's loopback.
# The "prod-db" stanza binds the same local port.
Host tunnel-mysql
HostName db-server.exemple.com
User dbuser
IdentityFile ~/.ssh/db_key
LocalForward 3306 localhost:3306
# NOTE(review): not applied as the file stands. "Host *" at the top already
# set ServerAliveInterval 60 and ssh keeps the first value obtained.
ServerAliveInterval 30
# PostgreSQL tunnel
Host tunnel-postgres
HostName pg-server.exemple.com
User pguser
IdentityFile ~/.ssh/pg_key
LocalForward 5432 localhost:5432
# SOCKS proxy for browsing: applications pointed at local port 1080 send their
# traffic out through proxy.exemple.com. The "home-server" stanza binds the
# same local port.
Host proxy-socks
HostName proxy.exemple.com
User proxyuser
IdentityFile ~/.ssh/proxy_key
DynamicForward 1080
# Redis tunnel
# NOTE(review): the forwarded port is reachable by every local process while
# the tunnel is open; if the Redis instance has no authentication of its own,
# the tunnel is its only access control.
Host tunnel-redis
HostName redis-server.exemple.com
User redisuser
IdentityFile ~/.ssh/redis_key
LocalForward 6379 localhost:6379
# ----------------------------------------
# CONFIGURATIONS SPÉCIALES
# ----------------------------------------
# Server using two-factor authentication.
# These client options only allow the two methods; whether both are actually
# required is decided by the server's sshd configuration.
Host server-2fa
HostName secure.exemple.com
User secureuser
IdentityFile ~/.ssh/secure_key
# Deprecated alias of KbdInteractiveAuthentication in current OpenSSH; the old
# spelling is kept here for older clients.
ChallengeResponseAuthentication yes
PubkeyAuthentication yes
# Serveur ancien avec algorithmes legacy
# The "+" prefix appends each algorithm to the client's defaults, so the weak
# algorithms are enabled for this one host only. Keep them out of "Host *".
# NOTE(review): diffie-hellman-group1-sha1 is a 1024-bit group and ssh-rsa
# signs with SHA-1; both are disabled by default in current OpenSSH because
# they are considered weak. Treat this stanza as a temporary workaround and
# plan the upgrade of old.exemple.com.
Host legacy-server
HostName old.exemple.com
User olduser
IdentityFile ~/.ssh/old_rsa
KexAlgorithms +diffie-hellman-group1-sha1
HostKeyAlgorithms +ssh-rsa
# Renamed PubkeyAcceptedAlgorithms in OpenSSH 8.5; the old name remains an
# alias.
PubkeyAcceptedKeyTypes +ssh-rsa
# Server with X11 forwarding
Host gui-server
HostName gui.exemple.com
User guiuser
IdentityFile ~/.ssh/gui_key
ForwardX11 yes
# NOTE(review): trusted forwarding gives remote X11 clients full access to the
# local display, which includes reading keystrokes and window contents of other
# applications. Use it only for hosts whose administrators you fully trust;
# "ForwardX11Trusted no" applies the X11 SECURITY extension restrictions
# instead.
ForwardX11Trusted yes
# ----------------------------------------
# PATTERNS ET WILDCARDS
# ----------------------------------------
# Every server under .exemple.com
# Patterns are matched against the name typed on the command line, and only
# fill in keywords that no earlier matching stanza has already set.
Host *.exemple.com
User defaultuser
Port 2222
IdentityFile ~/.ssh/default_key
# Every server named dev-*
# The alias "dev" itself does not match this pattern.
# NOTE(review): this forwards the agent to ANY host reached through a name
# starting with "dev-", including ones added later. Root on any of those hosts
# can use the forwarded agent for the duration of the session; enable
# forwarding per host instead of by wildcard.
Host dev-*
User developer
Port 22
ForwardAgent yes
# DEBUG is verbose on every connection; intended for troubleshooting.
LogLevel DEBUG
# ----------------------------------------
# NOTES
# ----------------------------------------
# Pour utiliser ces configurations:
# ssh prod # au lieu de ssh admin@production.exemple.com -p 2222
# ssh dev # au lieu de ssh developer@dev.exemple.com
# ssh github-perso # pour utiliser le compte GitHub personnel
#
# Créer le dossier pour ControlPath:
# mkdir -p ~/.ssh/sockets
#
# Tester une configuration:
# ssh -G prod
#
# Connexion avec verbose pour debug:
# ssh -v prod