2ef8dfd6ed
Add comprehensive SSH jump host / bastion documentation

Document SSH ProxyJump configuration for accessing KVM guest VMs
through grokbox hypervisor as a bastion/jump host.

Documentation includes:
- Architecture diagram with network topology
- Jump host concept and benefits explanation
- Implementation details (group_vars, hosts.yml, SSH config)
- Connection flow and SSH handshake details
- Usage examples (Ansible, manual SSH, SCP)
- Comprehensive troubleshooting guide
- Security considerations and hardening recommendations
- Performance optimization (ControlMaster, connection pooling)
- Monitoring and logging procedures
- Alternative access patterns
- Testing and validation checklist

Current Configuration:
- Jump Host: grokbox (grok.home.serneels.xyz)
- Guest VMs: pihole, mymx, derp (192.168.122.0/24)
- Method: SSH ProxyJump with ControlMaster multiplexing
- Group vars configured in: group_vars/kvm_guests.yml
- Per-host settings in: hosts.yml

Key Features:
✅ Automatic ProxyJump for all kvm_guests group members
✅ SSH connection multiplexing for performance
✅ Keepalive configuration to prevent timeouts
✅ Security-first approach with audit logging
✅ Tested and working (pihole ping successful)

Benefits:
- Centralized access control through single entry point
- Guest VMs remain on private network (not exposed)
- Reduced attack surface
- Simplified network architecture
- Comprehensive audit trail

Related Files:
- inventories/development/group_vars/kvm_guests.yml (config)
- inventories/development/hosts.yml (host definitions)
- ansible.cfg (global SSH settings)

This completes the network access pattern documentation
required for multi-tier infrastructure access.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-11 02:00:45 +01:00