Hosts behind ssh-proxy

Hi,
i am new to using ansible but i am excited about it.
Ansible is so powerful but one thing would make implementation easier for me.

I have some servers I need to connect to via an ssh-proxy.

So far I have not managed to make this possible with ansible.

The connection is done by ssh/scp according to the following pattern:

ssh %%@

Anybody have any idea how to do this with ansible?

Cheers,
Stefan

there was a mistake in the ssh command example. The right one is:

ssh %%@

try this:
https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!msg/ansible-project/-AFEyk69T8k/0X9skiOXCQAJ

try this:
https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!msg/ansible-project/-AFEyk69T8k/0X9skiOXCQAJ

Or if you have a recent enough OpenSSH (7.3), you can use ProxyJump,
which is much simpler:

# from
# https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Proxies_and_Jump_Hosts

# .ssh/config
Host server2
        HostName 192.168.5.38
        ProxyJump user1@jumphost1.example.org:22
        User fred

Richard

thanks for these suggestions but both seems not work for me.

What i call ssh-proxy does some more magic as a normal jump host.

On the proxy runs a ssh daemon that authenticates against ActiveDirectory and it has a connection to a password-safe.
If i open a connection from my client to a server (user1@myserver.example.com) i use the command:

ssh AD-User%user1%myserver.example.com@ssh-proxy.example.com

At the following password prompt i have to type in my AD-Password. The Proxy check if my AD-User is allowed to connect to myserver.example.com with user1.
If it is allowed it gets the password for user1@myserver.example.com out of the password-safe and use it to connect me to the server.
I don´t know and i don´t need to know the real password. It is completely managed by the password-safe.

I think what i need to do is to get ansible to pass the string

AD-User%user1%myserver.example.com (AD-User%RemoteUser%RemoteHost)

as the Username for a connection to ssh-proxy.example.com

My first idea was to do this in the inventory file like this:

[myserver]
myserver.example.com
[myserver:vars]
ansible_user=AD-User%user1%myserver.example.com
ansible_host=ssh-proxy.example.com

But it does not work.
Does anyone have another idea?

Stefan