@Hallian Hallian commented Nov 27, 2019

Issue #2

Description of changes:
Add -J flag to mssh to support bastion/jumphosts via ProxyCommand.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@stanislr

Any idea when this will be merged?

Hallian commented Feb 17, 2020

@stanislr I wouldn't hold your breath. Given the lack of communication from AWS and the code quality of this tool, I think that it's unlikely this will ever get merged.

On the subject of code quality, instead of using this tool I would advise using a script like this:

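```bash
#!/usr/bin/env bash

# Generate a throwaway key pair (ssh-keygen prompts for a passphrase).
ssh-keygen -t rsa -f mynew_key
# Push the public key to the bastion, then to the target.
# A pushed key is only usable for 60 seconds.
aws ec2-instance-connect send-ssh-public-key \
	--region us-east-1 \
	--instance-id BASTION_INSTANCE_ID \
	--availability-zone us-east-1f \
	--instance-os-user bastion-user \
	--ssh-public-key file://mynew_key.pub
aws ec2-instance-connect send-ssh-public-key \
	--region us-east-1 \
	--instance-id TARGET_INSTANCE_ID \
	--availability-zone us-east-1f \
	--instance-os-user target-user \
	--ssh-public-key file://mynew_key.pub
# -i on the command line is not applied to a -J jump host, so the key is
# passed to the bastion hop explicitly through ProxyCommand.
ssh -i mynew_key \
	-o ProxyCommand="ssh -i mynew_key -W %h:%p bastion-user@bastion-host" \
	target-user@target-host
```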

This will get you far greater control over the parameters when it comes to the subsequent SSH command. You can of course abstract away the duplicate aws command lines into a bash function and create functions for automatically fetching the instance IPs and whatnot.

Also, be aware that you can obviate the need for Bastion hosts by using Session Manager instead.
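
Added example, not part of the comment above or of the AWS project: the script's two `aws` calls folded into functions that look up the availability zone and addresses, with the throwaway key kept in a private temporary directory and removed on exit. The `REGION`, `BASTION_USER` and `TARGET_USER` defaults and all function names are assumptions, and it assumes the bastion has a public IP; it uses `ProxyCommand` because `-i` on the command line is not applied to a `-J` jump host.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Usage: jump.sh BASTION_ID TARGET_ID
# Assumed defaults below; override them through the environment.
REGION="${AWS_REGION:-us-east-1}"
BASTION_USER="${BASTION_USER:-bastion-user}"
TARGET_USER="${TARGET_USER:-target-user}"

# instance_field INSTANCE_ID JMESPATH: print one attribute, fail if it is unset.
instance_field() {
	local val
	val=$(aws ec2 describe-instances --region "$REGION" --instance-ids "$1" \
		--query "Reservations[0].Instances[0].$2" --output text) || return 1
	# --output text renders a missing attribute (e.g. no public IP) as "None".
	[ -n "$val" ] && [ "$val" != "None" ] || return 1
	printf '%s\n' "$val"
}

# push_key INSTANCE_ID OS_USER PUBKEY_FILE: look up the AZ, then push the key.
# A pushed key is only accepted for 60 seconds, so connect right afterwards.
push_key() {
	local az
	az=$(instance_field "$1" Placement.AvailabilityZone) || return 1
	aws ec2-instance-connect send-ssh-public-key --region "$REGION" \
		--instance-id "$1" --availability-zone "$az" \
		--instance-os-user "$2" --ssh-public-key "file://$3" >/dev/null
}

# proxy_cmd KEY USER@HOST: ProxyCommand that presents the same key to the bastion.
proxy_cmd() {
	printf 'ssh -i "%s" -o IdentitiesOnly=yes -W %%h:%%p %s' "$1" "$2"
}

connect() {
	local bastion_ip target_ip
	keydir=$(mktemp -d) || return 1      # 0700 directory, private to this user
	trap 'rm -rf "$keydir"' EXIT         # the throwaway key never outlives the run
	ssh-keygen -q -t rsa -b 4096 -N '' -f "$keydir/key" || return 1
	bastion_ip=$(instance_field "$1" PublicIpAddress) || return 1
	target_ip=$(instance_field "$2" PrivateIpAddress) || return 1
	push_key "$1" "$BASTION_USER" "$keydir/key.pub" || return 1
	push_key "$2" "$TARGET_USER" "$keydir/key.pub" || return 1
	ssh -i "$keydir/key" -o IdentitiesOnly=yes \
		-o ProxyCommand="$(proxy_cmd "$keydir/key" "$BASTION_USER@$bastion_ip")" \
		"$TARGET_USER@$target_ip"
}

if [ "$#" -eq 2 ]; then connect "$1" "$2"; fi
```

`IdentitiesOnly=yes` keeps ssh from offering agent or default keys first, which matters when the server's authentication-attempt limit is low.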

stanislr commented Feb 18, 2020

@Hallian thanks,
Regarding the script you suggested, I have already started to write something similar in Python.
Snippet of my send SSH public key function (not finished) that gets a dict of servers as a parameter:

```python
import logging
import sys

import boto3

LOGGER = logging.getLogger(__name__)
# Placeholder: the original snippet uses this constant without showing its value.
INSTANCE_OS_USER = 'ec2-user'


def send_ssh_public_key(servers, public_key_path, profile, region):
    """Push a public key to every instance ID in `servers` (dict keyed by instance ID)."""
    session = boto3.Session(profile_name=profile)

    # Resolve each instance's availability zone; the push call requires it.
    try:
        ec2_client = session.client('ec2', region)
        for instance_id in servers:
            response = ec2_client.describe_instances(InstanceIds=[instance_id])
            availability_zone = response['Reservations'][0]['Instances'][0]['Placement']['AvailabilityZone']
            servers[instance_id] = availability_zone
            LOGGER.info('EC2 instance_id: %s, availability_zone: %s', instance_id, servers[instance_id])
    except Exception as err:
        # The format string needs a %s for err, otherwise logging reports an error.
        LOGGER.error("Failed to retrieve instance's AZ: %s", err)
        sys.exit(1)

    try:
        with open(public_key_path) as public_key_file:
            public_key = public_key_file.read()
    except Exception as err:
        LOGGER.error("Failed to read file %s because of %s", public_key_path, err)
        sys.exit(1)

    # Push the key to each instance through EC2 Instance Connect.
    try:
        inst_conn_client = session.client('ec2-instance-connect', region)
        for instance_id, availability_zone in servers.items():
            response = inst_conn_client.send_ssh_public_key(
                InstanceId=instance_id,
                InstanceOSUser=INSTANCE_OS_USER,
                SSHPublicKey=public_key,
                AvailabilityZone=availability_zone
            )
            print(response)
    except Exception as err:
        LOGGER.error("Failed to send ssh public key: %s", err)
        sys.exit(1)
```

@mdebord-dlr

Would be nice to see this implemented. Is this project abandoned by Amazon? The last commit to main was over a year ago.
