= Conexión remota A->B->C con SSH (~/.ssh/config)
conectar desde A a C (que no es accesible directamente por A) a través de B usando SSH

== objetivo
  * conectamos desde nuestra máquina local a **bastion** (A)
  * conectaremos a la máquina C a través de A, según marca la configuración del fichero

== + info
  * [[https://superuser.com/questions/1140830/ssh-agent-forwarding-using-different-usernames-and-different-keys]]
  * [[https://serverfault.com/questions/337274/ssh-from-a-through-b-to-c-using-private-key-on-b]]
  * [[https://acloud.guru/forums/aws-certified-solutions-architect-associate/discussion/-L0Y3TE-GaOtkoeslVq1/how_to_ssh_into_a_private_inst]]

== POC
  * ficheros para crear 2 contenedores con servicio SSH
  * hay que generar 2 keys y usar ''ssh-copy-id'' para cada uno de ellos

<code yml docker-compose.yml>
version: '3.6'
 
services:
 
  bastion:
    image: gotechnies/alpine-ssh 
    ports:
      - '2345:22'
    container_name: bastion
    networks:
      bastion-network:
        ipv4_address: 172.23.0.2

  gargamex:
    image: gotechnies/alpine-ssh
    ports:
      - '3456:22'
    container_name: gargamex
    networks:
      bastion-network:
        ipv4_address: 172.23.0.3

networks:
  bastion-network:
    name: bastion-network
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 172.23.0.0/24
</code>
<code bash .ssh/config>
Host gargamex
    Hostname 172.23.0.3
    User root
    ProxyCommand ssh bastion -W %h:%p
    ForwardAgent yes
    IdentityFile /home/mate/Docker/bastion/gargamex-key 

Host bastion
    #ForwardAgent yes
    HostName 172.23.0.2
    User root
    ProxyCommand none
    IdentityFile /home/mate/Docker/bastion/bastion-key 
</code>