Comment by mmh0000
While we're sharing neat ssh_config tricks, here's my favorite trick I use:
My home network is set up so that if I'm home or on my self-hosted VPN, I can SSH directly to my various things. But if I'm away from home and not on the VPN, I can SSH into my home systems through a jump host.
In the ssh_config file, I have it configured to detect how/where I am and optionally use a jump host.
    Host jump jump.example.org
        HostName jump.example.org
        Port 41444
        User mmh
        UserKnownHostsFile /dev/null
        ChallengeResponseAuthentication no
        CheckHostIP no
        Compression yes
        ForwardX11 no
        GSSAPIAuthentication no
        LogLevel ERROR
        PreferredAuthentications publickey,keyboard-interactive
        ProxyJump none
        PermitLocalCommand yes

    # Order here matters. Detect VPN first, then home network.
    # If connecting to a *.example.org host and router.example.org = 10.0.0.1, must be home/vpn.
    Match host *.example.org exec "getent ahosts router.example.org | grep -q ^10.0.0.1"
        ProxyJump none

    # If connecting to a *.example.org host and the macaddr of 10.0.0.1 is NOT 2a:70:ff:ff:ff:ff, then use jump.example.org:
    Match host *.example.org exec "! arp -ne 10.0.0.1 | grep -Fq 2a:70:ff:ff:ff:ff"
        ProxyJump jump.example.org

    ## Define the things
    Host tv tv.example.org
        HostName tv.example.org
        User mmh
Wow. Nice trick! I didn't know SSH Config can do that exec control flow.
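
The routing decision made by the two `Match ... exec` lines in mmh0000's config, replayed over captured command output as an added example (not part of the original comment). The sample `getent` and `arp` outputs are constructed, and the function names and the stricter anchored pattern are assumptions of this example; it also shows that the config's `^10.0.0.1` pattern accepts an address such as 10.0.0.10.

```shell
#!/bin/sh
# Added example, not from the original comment. Sample outputs are constructed.
ROUTER_MAC='2a:70:ff:ff:ff:ff'   # value from the config above

# First Match test as written in the config: unescaped dots, no end anchor.
resolves_internal_loose() {   # $1 = output of: getent ahosts router.example.org
    printf '%s\n' "$1" | grep -q '^10.0.0.1'
}
# Stricter variant (assumption): escaped dots, address must end at whitespace.
resolves_internal() {
    printf '%s\n' "$1" | grep -Eq '^10\.0\.0\.1[[:space:]]'
}
# Second Match test: is the router's MAC in the ARP entry for 10.0.0.1?
router_mac_seen() {           # $1 = output of: arp -ne 10.0.0.1
    printf '%s\n' "$1" | grep -Fq "$ROUTER_MAC"
}
# ssh keeps the first value it obtains for an option, so the first Match
# block that applies decides ProxyJump.
proxyjump_for() {             # $1 = getent output, $2 = arp output
    if resolves_internal "$1"; then
        echo none
    elif ! router_mac_seen "$2"; then
        echo jump.example.org
    else
        echo unset            # neither block applied: direct connection
    fi
}

# Constructed sample outputs.
GETENT_INTERNAL='10.0.0.1        STREAM router.example.org'
GETENT_PUBLIC='203.0.113.7     STREAM router.example.org'
GETENT_NEIGHBOUR='10.0.0.10       STREAM router.example.org'
ARP_HOME='10.0.0.1   ether   2a:70:ff:ff:ff:ff   C   eth0'
ARP_OTHER='10.0.0.1   ether   02:00:00:aa:bb:cc   C   wlan0'
ARP_EMPTY='10.0.0.1 (10.0.0.1) -- no entry'

echo "on VPN:                  $(proxyjump_for "$GETENT_INTERNAL" "$ARP_EMPTY")"
echo "home LAN, public DNS:    $(proxyjump_for "$GETENT_PUBLIC" "$ARP_HOME")"
echo "away, no ARP entry:      $(proxyjump_for "$GETENT_PUBLIC" "$ARP_EMPTY")"
echo "other LAN using 10.0.0.1: $(proxyjump_for "$GETENT_PUBLIC" "$ARP_OTHER")"
```

To see what ssh itself resolves on a given network, `ssh -G tv.example.org` prints the effective options, including `proxyjump` when one is set.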