Ansible uses OpenSSH as the bottomed network communicative implementation, but does it support multi-hop login?
I mean, if Ansible can login a server directly, but can it log in server_a then from server_a login server_b for config the server_b?
Solution:
I do not know how Ansible uses OpenSSH.
But OpenSSH itself supports "multihop logins".
Since OpenSSH 7.3, you can use -J (jump) switch like:
ssh -J user1@host1.example.com user2@host2.example.comThe -J is an equivalent of ProxyJump directive:
ssh -o ProxyJump=user1@host1.example.com user2@host2.example.comNote that with file transfer tools, like scp and sftp, the -J switch is supported since 8.0 only. With older versions (but at least 7.3), use ProxyJump. See How can I download a file from a host I can only SSH to through another host?
Also note that the versions refer to local versions of OpenSSH. A remote version of OpenSSH is not relevant.
As @GordonDavisson commented, with older versions (but at least 5.4), you can use ProxyCommand directive and -W switch:
ssh -o ProxyCommand="ssh -W %h:%p user1@host1.example.com" user2@host2.example.comWith even older versions, you can use nc command instead of the -W:
ssh -o ProxyCommand="ssh user2@%h nc host2.example.com 22" -o HostKeyAlias=host2.example.com host1.example.comAll the above options are covered in more details in Wikibooks articleOpenSSH/Cookbook/Proxies and Jump Hosts.
Another options is to use port forwarding (-L switch). But that involves two ssh instances. I’m not sure if that’s possible with Ansible.