aws / aws-ec2-instance-connect-cli

This is an all-in-one client for EC2 Instance Connect that handles key brokerage and establishes connections to EC2 instances through an interface near-identical to the standard system ssh, sftp, and other utilities.
Apache License 2.0

Add support for jumphosts via ProxyCommand #11

Open Hallian opened 4 years ago

Hallian commented 4 years ago

Issue #2

Description of changes: Add -J flag to mssh to support bastion/jumphosts via ProxyCommand.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

stanislr commented 4 years ago

Any idea when this will be merged?

Hallian commented 4 years ago

@stanislr I wouldn't hold your breath. Given the lack of communication from AWS and the code quality of this tool, I think that it's unlikely this will ever get merged.

On the subject of code quality, instead of using this tool I would advise using a script like this:

#!/usr/bin/env bash
set -eu

# Generate a fresh key pair; only the public half is sent to AWS.
ssh-keygen -t rsa -f mynew_key
# Push the public key to the bastion and to the target, each for its own OS user.
# EC2 Instance Connect accepts a pushed key for 60 seconds, so run ssh right after.
aws ec2-instance-connect send-ssh-public-key \
    --region us-east-1 \
    --instance-id BASTION_INSTANCE_ID \
    --availability-zone us-east-1f \
    --instance-os-user bastion-user \
    --ssh-public-key file://mynew_key.pub
aws ec2-instance-connect send-ssh-public-key \
    --region us-east-1 \
    --instance-id TARGET_INSTANCE_ID \
    --availability-zone us-east-1f \
    --instance-os-user target-user \
    --ssh-public-key file://mynew_key.pub
# -J (ProxyJump) sets up the ProxyCommand through the bastion for you.
ssh -i mynew_key -J bastion-user@bastion-host target-user@target-host

This will get you far greater control over the parameters when it comes to the subsequent SSH command. You can of course abstract away the duplicate aws command lines into a bash function and create functions for automatically fetching the instance IPs and whatnot.

Also, be aware that you can obviate the need for Bastion hosts by using Session Manager instead.
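The script above, reorganised the way the comment suggests, as an added example that is not code from this PR or from the aws-ec2-instance-connect-cli project: the duplicated send-ssh-public-key calls become one function, the availability zone is looked up with describe-instances instead of hard-coded, and the throw-away private key lives in a temporary directory that is removed when the session ends. Instance IDs, host names, OS users and the region are placeholders supplied by the caller.

```shell
#!/usr/bin/env bash
# Added example, not code from this PR or the aws-ec2-instance-connect-cli project.
# Instance IDs, host names, OS users and region are placeholders supplied by the caller.
set -eu

REGION="${REGION:-us-east-1}"

# Look up the availability zone that send-ssh-public-key requires.
instance_az() {
    aws ec2 describe-instances --region "$REGION" --instance-ids "$1" \
        --query 'Reservations[0].Instances[0].Placement.AvailabilityZone' \
        --output text
}

# Push one public key for one OS user. EC2 Instance Connect only honours the
# pushed key for 60 seconds, so this runs right before ssh, not at setup time.
push_key() {
    local instance_id="$1" os_user="$2" pubkey="$3"
    aws ec2-instance-connect send-ssh-public-key --region "$REGION" \
        --instance-id "$instance_id" \
        --availability-zone "$(instance_az "$instance_id")" \
        --instance-os-user "$os_user" \
        --ssh-public-key "file://$pubkey"
}

# jump_ssh BASTION_ID BASTION_USER@BASTION_HOST TARGET_ID TARGET_USER@TARGET_HOST
jump_ssh() {
    local bastion_id="$1" bastion="$2" target_id="$3" target="$4"
    local keydir
    keydir="$(mktemp -d)"               # 0700 directory for the throw-away key
    trap "rm -rf -- '$keydir'" EXIT     # expanded now, so it outlives the function scope
    ssh-keygen -q -t ed25519 -N '' -f "$keydir/key" -C "eic-ephemeral"
    # The same key goes to both hops; the OS user is the part before '@'.
    push_key "$bastion_id" "${bastion%@*}" "$keydir/key.pub" >/dev/null
    push_key "$target_id" "${target%@*}" "$keydir/key.pub" >/dev/null
    ssh -i "$keydir/key" -o IdentitiesOnly=yes -J "$bastion" "$target"
}

if [ "$#" -eq 4 ]; then
    jump_ssh "$@"
fi
```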

stanislr commented 4 years ago

@Hallian tnx, Regarding script you suggested, I have already started to write something similar in Python. Snippet of my send ssh public key function(not finished) that gets dict of servers as parameter:

import logging
import sys

import boto3

LOGGER = logging.getLogger(__name__)
INSTANCE_OS_USER = 'ec2-user'  # OS user the key is pushed for on every instance


def send_ssh_public_key(servers, public_key_path, profile, region):
    """Push the public key at public_key_path to every instance ID in servers.

    servers is a dict keyed by instance ID; each value is overwritten with the
    instance's availability zone, which EC2 Instance Connect requires.
    """
    session = boto3.Session(profile_name=profile)
    try:
        ec2_client = session.client('ec2', region_name=region)
        for instance_id in servers:
            response = ec2_client.describe_instances(InstanceIds=[instance_id])
            availability_zone = response['Reservations'][0]['Instances'][0]['Placement']['AvailabilityZone']
            servers[instance_id] = availability_zone
            LOGGER.info('EC2 instance_id: %s, availability_zone: %s', instance_id, servers[instance_id])
    except Exception as err:
        # the exception needs a %s placeholder; logging rejects a bare extra argument
        LOGGER.error("Failed to retrieve instance's AZ: %s", err)
        sys.exit(1)

    try:
        with open(public_key_path) as public_key_file:
            public_key = public_key_file.read()
    except Exception as err:
        LOGGER.error("Failed to read file %s because of %s", public_key_path, err)
        sys.exit(1)

    try:
        inst_conn_client = session.client('ec2-instance-connect', region_name=region)
        for instance_id, availability_zone in servers.items():
            # the pushed key is only accepted for 60 seconds, so ssh must follow promptly
            response = inst_conn_client.send_ssh_public_key(
                InstanceId=instance_id,
                InstanceOSUser=INSTANCE_OS_USER,
                SSHPublicKey=public_key,
                AvailabilityZone=availability_zone
            )
            print(response)
    except Exception as err:
        LOGGER.error("Failed to send ssh public key: %s", err)
        sys.exit(1)

mdebord-dlr commented 1 year ago

Would be nice to see this implemented. Is this project abandoned by Amazon? The last commit to main was over a year ago.