Add script

salt-ssh-bastion-wrapper.sh

@@ -0,0 +1,41 @@
+#!/bin/bash -e
+# Compatible with OpenSSH >= 7.3 (August 2016)
+
+# Check OpenSSH version.
+less_than_required="7.2"
+installed=`ssh -V 2>&1 | grep -Eo "OpenSSH_[0-9]+\.[0-9]+" | grep -Eo "[0-9]+\.[0-9]+"`
+# Retrieve the highest between the installed version and the requirement.
+highest=`echo -e "$less_than_required\n$installed" | sort -rV | head -n 1`
+
+if [ $highest == $less_than_required ];then
+	echo "Your OpenSSH version is too old for the script to run as it is, please upgrade to OpenSSH 7.3 (August 2016) or higher, or edit the script to adapt it to your version."
+	exit 1
+fi
+
+# Extract the target domain.
+domain=$1
+
+# Get the proxy to use for that domain from the SSH configuration.
+# The -G flag is only available with OpenSSH 6.8 (March 2015) and higher: https://www.openssh.com/txt/release-6.8
+# The proxyjump option is only available with OpenSSH 7.3 (August 2016) and higher: https://www.openssh.com/txt/release-7.3
+proxy=`ssh -G $domain | grep proxyjump | cut -d' ' -f2`
+
+if [ -z $proxy ]; then
+	echo "Couldn't determine the proxy to use to contact $domain, are you sure a \"ProxyJump\" instruction is set in a configuration block matching this host?"
+	exit 1
+fi
+
+# SSH logs the connection closing to stderr, so we need to get rid of that.
+# Plus, dig via ssh appends a '\r' to the variable, which we want to get rid of too.
+ip=`ssh $proxy dig +short $domain 2> /dev/null | tr -d '\r'`
+
+if [ -z "$ip" ]; then
+	echo "Couldn't lookup $domain..."
+	exit 1
+fi
+
+shift # Removes $1 (the FQDN) from $@
+
+# Run the salt-ssh command with the right IP address and going through the bounce.
+# The proxyjump option is only available with OpenSSH 7.3 (August 2016) and higher: https://www.openssh.com/txt/release-7.3
+salt-ssh --roster=scan $ip --ssh-option=ProxyJump=$proxy $@