
I have a fairly complex network setup. Each datacenter has an access host (let's call it a gatekeeper) that you have to connect to before you can SSH to any hosts inside. Here's an example for trying to connect to 10.199.199.4

Host *
    ForwardAgent yes
    ServerAliveCountMax 4

Host gatekeeper-9234
    DynamicForward 9234
    Hostname gc1-bos-l3-otherfakestuff.domain.com
    PubkeyAuthentication no
    User gc1username

Host gatekeeper-9345
    DynamicForward 9345
    Hostname gc1-la-att-otherfakestuff.domain.com
    PubkeyAuthentication no
    User gc1username

Host 10.199.* !10.199.199.*
    ProxyCommand /some/script/to/make/proxy/work 9345
    UserKnownHostsFile /dev/null

Host 10.199.199.*
    ProxyCommand /some/script/to/make/proxy/work 9234
    UserKnownHostsFile /dev/null

So, basically, if you connected to 10.199.199, it would proxy into the pseudo-host gatekeeper-9234 in Boston via L3 networks. But if you connected to 10.199.198, it would connect to pseudo-host gatekeeper-9345 in LA via AT&T. I can't think of any form of regex that would handle the same IP block appearing multiple times, so I think something that actually understands how to parse SSH config in its entirety is needed. Basically, a JSON parser, but for SSH config; something that can read the entire file, understand its rules, and make sense of them. The only thing I need is the resulting ProxyCommand call. The examples I can find all assume no duplicate data.

"Why do I need this?" Access through the gatekeeper is very slow (like, 10Mb/s slow). I need to move files through there and install them on all the hosts. So what I'd like to do is, given a list of all my hosts:

  1. Determine which ProxyCommand will be called for each given SSH IP.
  2. Group those commands by gatekeeper.
  3. Copy the install files, one time, to each gatekeeper.
  4. Spawn parallel jobs to be run on each gatekeeper, with a cut-down list of hosts that only that gatekeeper manages, and begin the installs, copying the files from the gatekeeper directly to the hosts behind that gatekeeper (where bandwidth is 10Gb/s).

"Why not do it by hand?" Because there are around 100 gatekeepers. :( Unwinding all that by hand would take longer than just copying the files.

The only part I need from you is finding the ProxyCommand; the rest of that is just because some people might have a better idea if they understand the overall goal. You can use any language or tool available in Linux. I can program myself, but I'd really rather not dig through OpenSSH's source code to try and find all the functions relevant to parsing SSH config and make my own tool; I was hoping someone would know of a library or tool that was pre-built to do this.


Stack Overflow decided that this question wasn't relevant to their platform. I guess that's why all the good questions on that site are from 4 years ago. *shrug* Their loss.

https://linustechtips.com/topic/1210456-unrolldecide-ssh-config/
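As an added example (not from the post, and not an OpenSSH or library implementation), here is a small Python resolver that applies the two ssh_config rules that make the poster's config work: a `Host` line with a negated `!pattern` vetoes the block for hosts that match it, and the first block (in file order) that sets a keyword wins. It parses a constructed copy of the post's own Host blocks; `Match` and `Include` directives are assumed absent.

```python
import re

# Constructed sample: the relevant Host blocks from the post (not a real config).
SAMPLE_CONFIG = """\
Host *
    ForwardAgent yes
Host 10.199.* !10.199.199.*
    ProxyCommand /some/script/to/make/proxy/work 9345
Host 10.199.199.*
    ProxyCommand /some/script/to/make/proxy/work 9234
"""

def parse_config(text):
    """Return (patterns, {keyword: value}) blocks in file order; Match/Include are not handled."""
    blocks = [(["*"], {})]  # options before the first Host line apply to every host
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)  # keywords are case-insensitive
        key, value = parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""
        if key == "host":
            blocks.append((value.split(), {}))
        else:
            blocks[-1][1].setdefault(key, value)  # repeated keyword in a block: first wins
    return blocks

def match_patterns(host, patterns):
    """OpenSSH semantics: a matching '!' pattern vetoes the block outright,
    otherwise it applies if any positive pattern matches ('*' and '?' only)."""
    host, positive = host.lower(), False
    for pat in patterns:
        negate = pat.startswith("!")
        body = re.escape(pat.lstrip("!").lower()).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(body, host):
            if negate:
                return False
            positive = True
    return positive

def resolve(host, blocks):
    """ssh_config(5) rule: the first obtained value for each keyword wins."""
    result = {}
    for patterns, options in blocks:
        if match_patterns(host, patterns):
            for key, value in options.items():
                result.setdefault(key, value)
    return result
```

Grouping hosts by `resolve(host, blocks).get("proxycommand")` gives the per-gatekeeper lists from step 2; for a single host, OpenSSH 6.8 and later will also print the fully resolved options itself with `ssh -G hostname`.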