Hi,
I have a situation with a special kind of bastion host. As far as I read the connection type plugins (ssh, paramiko_ssh, winrm) it seems that this is the only way to actually do this, see below for a typical session that needs to happen.
Any other ideas short of writing a connection plugin?
I’m even thinking about simply dropping ansible on the bastion host and being done with it. I’m not sure I want to get into the details of actually tunneling ansible from my local workstation through the bastion host to have an easier time running the commands…
At my current customer there’s no control whatsoever on changing this weird bastion host setup, I have neither control nor a chance to change it. So please don’t suggest a change to the setup. It is just a requirement.
This is the shell situation for a typical session:
start a “simple” ssh session from the bastion host
bastion[~]$ bastion_ssh.sh ansible-controlled-host root
root@ansible-controlled-host[~]$ # do whatever admin task is required
root@ansible-controlled-host[~]$ exit
bastion[~]$ bastion_ssh.sh ansible-controlled-host root
equivalent of scp (no equivalent of sftp operations)
local to remote
urp_scp.sh test root@vievmnislp2:/tmp/
remote to local (note no recursive stuff!)
urp_scp.sh root@vievmnislp2:/tmp/
equivalent of ssh root@target uptime
bastion[~]$ bastion_script.sh ansible-controlled-host root uptime
switching users (sorry no sudo)
bastion_script.sh ansible-controlled-host root "su someuser -s /bin/bash -c'whoami'"
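An added example, not part of the original post and not Ansible's own code: the command execution, upload and user switching from the session above, mapped onto the wrapper scripts with the quoting each shell layer needs. It assumes `bastion_script.sh` takes the remote command as one string argument and that the bastion itself is reached with plain `ssh`; the host name `bastion` and the function names are hypothetical.

```python
import shlex

# Script names come from the post; their argument handling is an assumption:
#   bastion_script.sh <host> <user> <one shell command string>
#   urp_scp.sh <file on the bastion> <user>@<host>:<remote dir>
EXEC_WRAPPER = "bastion_script.sh"
COPY_WRAPPER = "urp_scp.sh"


def exec_argv(host, login_user, command, become_user=None):
    """argv to run on the bastion for one remote command."""
    if become_user is not None:
        # No sudo on the targets, so switch users with su as in the post.
        # The command is quoted once here because the remote shell parses
        # the whole string before su hands the -c argument to /bin/bash.
        command = "su {} -s /bin/bash -c {}".format(
            shlex.quote(become_user), shlex.quote(command))
    return [EXEC_WRAPPER, host, login_user, command]


def put_argv(host, login_user, local_path, remote_dir):
    """argv to run on the bastion for a copy from the bastion to the target."""
    return [COPY_WRAPPER, local_path,
            "{}@{}:{}".format(login_user, host, remote_dir)]


def via_bastion(bastion, argv):
    """argv for the workstation when the bastion is reached with plain ssh.

    ssh joins its trailing arguments with spaces and the bastion's shell
    parses the result, so the wrapper argv is quoted into one string.
    """
    return ["ssh", bastion, shlex.join(argv)]


if __name__ == "__main__":
    # Constructed sample values; "bastion" is a hypothetical host name.
    inner = exec_argv("ansible-controlled-host", "root",
                      "echo 'hi there'; id", become_user="someuser")
    print(inner)
    print(via_bastion("bastion", inner))
    print(put_argv("ansible-controlled-host", "root", "test", "/tmp/"))
```

Passing argv lists to `subprocess.run` without `shell=True` keeps the workstation's own shell out of the chain, so only the bastion and target shells parse the command.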