rdkls revised this gist
Feb 10, 2020 . 1 changed file with 3 additions and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -7,7 +7,9 @@ # # Installation # # First run your eye over this script to check for malicious code # Then run this script without arguments to automatically perform all install steps on your client: # # curl -s https://gist.github.com/rdkls/f997cdd2c0e95a6cd5bb1241ba8fd834/raw/aws-ssm-ec2-proxy-command.sh | bash # # It will: -
rdkls revised this gist
Feb 6, 2020 . 1 changed file with 18 additions and 4 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,12 +1,15 @@ #!/usr/bin/env bash # # Description # Bootstrap SSH Session to an SSM-managed instance # by temporarily adding a public SSH key available on the local machine (ssh-agent or in ~/.ssh) # # # Installation # # Run this script without arguments to automatically perform all install steps on your client: # curl -s https://gist.github.com/rdkls/f997cdd2c0e95a6cd5bb1241ba8fd834/raw/aws-ssm-ec2-proxy-command.sh | bash # # It will: # # #1 Install the AWS CLI @@ -23,7 +26,8 @@ # Host i-* mi-* ssm-jumphost # ProxyCommand ~/.ssh/aws-ssm-ec2-proxy-command.sh %h %r %p # # # Host Requirements # # #1 Ensure SSM Permissions of Target Instance Profile # @@ -36,9 +40,19 @@ # or # aws ssm send-command --instance-ids i-xxxxxxxxxx --document-name AWS-UpdateSSMAgent # # # Connect to ec2 instance # # ssh ec2-user@i-xxxxxxxxxx # ssh -N -L 5432:myrds.cunh7nydpqk3.ap-southeast-2.rds.amazonaws.com:5432 ubuntu@i-xxjumpboxx # # # TODO # Possibly - replace the SSH key provisioning with ec2 instance connect # https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-connect-set-up.html # Although 'neater' and using an official AWS Service, # this does increase requirements to having EC2 instance connect installed (scripts + sshd config AuthorizedKeysCommand) # And adding relevant IAM perms to the accessing role (ec2-instance-connect:SendSSHPublicKey) # ################################################################################ -
rdkls revised this gist
Feb 5, 2020 . 1 changed file with 6 additions and 4 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -5,7 +5,9 @@ # # Installation # # Run this script without arguments to automatically perform these install steps on your client: # curl -s https://gist.github.com/rdkls/f997cdd2c0e95a6cd5bb1241ba8fd834/raw/aws-ssm-ec2-proxy-command.sh | bash # It will: # # #1 Install the AWS CLI # https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html @@ -59,7 +61,7 @@ main() { usage=" Usage:\n aws-ssm-ec2-proxy-command.sh install [install-location (default ~/.ssh)]\n aws-ssm-ec2-proxy-command.sh i-xxxxxxx [ssh-username] [ssh-port]\n " if [[ "install" == $cmd ]] ; then echo @@ -71,7 +73,7 @@ Usage:\n echo -e $usage exit 1 fi #cleanup connect $ec2_instance_id $ssh_user $ssh_port exit 0 fi @@ -113,7 +115,7 @@ install_aws_cli_session_manager_plugin() { sudo dpkg -i /tmp/session-manager-plugin.deb rm /tmp/session-manager-plugin.deb else echo "Don't know how to install session-manager-plugin for your system - please do so manually then try again. Refer here for instructions: https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html" exit 1 fi } -
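Review bot: The new `#cleanup` line in main() leaves a commented-out call with no explanation of why the stale-session kill was disabled, so the next reader cannot tell whether this is a temporary debugging change or a deliberate decision. Replace it with a comment that states the reason (presumably that `pkill session-manager-plugin` in cleanup() would also terminate any other SSM session the user has open in another terminal), or delete the line outright. main() starts and ends outside this hunk.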
rdkls revised this gist
Feb 5, 2020 . 1 changed file with 1 addition and 0 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -134,6 +134,7 @@ install() { mkdir -p `dirname $install_location` curl -s $THIS_SCRIPT_URL > $install_location chmod +x $install_location # Update ssh config, if needed if [[ -z `grep 'Host i-\*' ~/.ssh/config` ]] ; then -
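Review bot: `chmod +x $install_location` is applied to whatever `curl -s $THIS_SCRIPT_URL > $install_location` left behind; with `-s` but no `-f`, an HTTP error body (or an empty file when the transfer fails) is written and then marked executable as the ProxyCommand that runs on every ssh. Use `curl -fsS "$THIS_SCRIPT_URL" -o "$install_location" || exit 1` so a failed fetch aborts the install before the chmod, and quote `$install_location` on both lines since it is user-supplied. THIS_SCRIPT_URL, as set in the adjacent revisions, points at the gist's floating `raw/` path, so consider pinning a revision or comparing a known digest before installing. install() starts and ends outside this hunk.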
rdkls revised this gist
Feb 5, 2020 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -44,7 +44,7 @@ DEFAULT_SSH_PUBLIC_KEY_PATHS="${HOME}/.ssh/id_rsa.pub ${HOME}/.ssh/id_ed25519.pu SSH_PUBLIC_KEY_TIMEOUT=5 SSH_USER_DEFAULT=ec2-user SSH_PORT_DEFAULT=22 THIS_SCRIPT_URL="https://gist.github.com/rdkls/f997cdd2c0e95a6cd5bb1241ba8fd834/raw/aws-ssm-ec2-proxy-command.sh" main() { -
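Review bot: The visible `THIS_SCRIPT_URL` line points at the floating `raw/aws-ssm-ec2-proxy-command.sh` path rather than the revision-pinned `raw/<revision>/...` form used in the adjacent Feb 5 revision, so install() will fetch and execute whatever the gist's latest revision is at install time. If this is the intended new side, a comment should say that the install deliberately tracks the latest revision; otherwise keep the pinned form or verify a digest after download, because this file becomes the ProxyCommand for every ssh to an `i-*` host.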
rdkls revised this gist
Feb 5, 2020 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -44,7 +44,7 @@ DEFAULT_SSH_PUBLIC_KEY_PATHS="${HOME}/.ssh/id_rsa.pub ${HOME}/.ssh/id_ed25519.pu SSH_PUBLIC_KEY_TIMEOUT=5 SSH_USER_DEFAULT=ec2-user SSH_PORT_DEFAULT=22 THIS_SCRIPT_URL="https://gist.github.com/rdkls/f997cdd2c0e95a6cd5bb1241ba8fd834/raw/d819e607fc965a1f26117b12b48b52914020bf79/aws-ssm-ec2-proxy-command.sh" main() { -
rdkls revised this gist
Feb 5, 2020 . 1 changed file with 0 additions and 4 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -46,10 +46,6 @@ SSH_USER_DEFAULT=ec2-user SSH_PORT_DEFAULT=22 THIS_SCRIPT_URL="https://gist.github.com/rdkls/f997cdd2c0e95a6cd5bb1241ba8fd834/raw/aws-ssm-ec2-proxy-command.sh" main() { -
rdkls revised this gist
Feb 5, 2020 . 1 changed file with 10 additions and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -44,9 +44,15 @@ DEFAULT_SSH_PUBLIC_KEY_PATHS="${HOME}/.ssh/id_rsa.pub ${HOME}/.ssh/id_ed25519.pu SSH_PUBLIC_KEY_TIMEOUT=5 SSH_USER_DEFAULT=ec2-user SSH_PORT_DEFAULT=22 THIS_SCRIPT_URL="https://gist.github.com/rdkls/f997cdd2c0e95a6cd5bb1241ba8fd834/raw/aws-ssm-ec2-proxy-command.sh" echo echo "$0" echo echo '...' main() { args=($@) local cmd=${args[0]-install} local install_location=${args[1]-~/.ssh/aws-ssm-ec2-proxy-command.sh} @@ -60,6 +66,8 @@ Usage:\n aws-ssm-ec2-proxy-command.sh connect i-xxxxxxx [ssh-username] [ssh-port]\n " if [[ "install" == $cmd ]] ; then echo echo install $install_location exit 0 else @@ -128,7 +136,8 @@ install() { install_aws_cli_session_manager_plugin mkdir -p `dirname $install_location` curl -s $THIS_SCRIPT_URL > $install_location # Update ssh config, if needed if [[ -z `grep 'Host i-\*' ~/.ssh/config` ]] ; then -
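Review bot: The file-scope `echo "$0"` and `echo '...'` lines run on every invocation, including when ssh launches this script as a ProxyCommand, and they write to stdout, which is the stream ssh uses as the transport to the server. Diagnostics belong on stderr (`printf '%s\n' "$0" >&2`) or behind a verbose flag, and not at top level where they execute before main() has even looked at the arguments. The replacement of `cp $0 $install_location` with `curl -s $THIS_SCRIPT_URL > $install_location` also means a local copy of the script no longer installs itself; if that is intended, the header comment should say the install always fetches from the gist.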
rdkls revised this gist
Feb 5, 2020 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -103,7 +103,7 @@ install_aws_cli_session_manager_plugin() { curl "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/mac/sessionmanager-bundle.zip" -o "/tmp/sessionmanager-bundle.zip" unzip -d /tmp/ /tmp/sessionmanager-bundle.zip sudo /tmp/sessionmanager-bundle/install -i /usr/local/sessionmanagerplugin -b /usr/local/bin/session-manager-plugin rm /tmp/session-manager-plugin-bundle.zip elif [[ -n `echo $uname | grep Ubuntu` ]] ; then curl "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/ubuntu_64bit/session-manager-plugin.deb" -o "/tmp/session-manager-plugin.deb" sudo dpkg -i /tmp/session-manager-plugin.deb -
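Review bot: The corrected `rm /tmp/session-manager-plugin-bundle.zip` still does not match the archive that the `curl` two lines above writes to `/tmp/sessionmanager-bundle.zip`, so the removal fails and the download is left behind, and the `/tmp/sessionmanager-bundle/` directory that `unzip -d /tmp/` extracts is never removed either. Downloading into `tmpdir=$(mktemp -d)` and removing it from an EXIT trap avoids both the name mismatch and the fixed, predictable `/tmp` paths. install_aws_cli_session_manager_plugin() starts and ends outside this hunk.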
rdkls revised this gist
Feb 5, 2020 . 1 changed file with 191 additions and 89 deletions.There are no files selected for viewing
@@ -1,114 +1,216 @@ #!/usr/bin/env bash # Description # Bootstrap SSH Session to an SSM-managed instance # by temporarily adding a public SSH key available on the local machine (ssh-agent or in ~/.ssh) # # Installation # # Run this script without arguments to automatically perform these install steps on your client # # #1 Install the AWS CLI # https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html # # #2 Install the Session Manager Plugin for the AWS CLI # https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html # # #3 Install this script # - Move this script to ~/.ssh/aws-ssm-ec2-proxy-command.sh # - Make it executable (chmod +x ~/.ssh/aws-ssm-ec2-proxy-command.sh) # # #4 Update your SSH config to use this script as ProxyCommand when SSH'ing to EC2 instances: # Host i-* mi-* ssm-jumphost # ProxyCommand ~/.ssh/aws-ssm-ec2-proxy-command.sh %h %r %p # # Usage # # #1 Ensure SSM Permissions of Target Instance Profile # # https://docs.aws.amazon.com/systems-manager/latest/userguide/setup-instance-profile.html # # #2 Ensure latest SSM Agent on Target Instance # # Is preinstalled on all amazon linux AMIs, however may needs to be updated # yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm & service amazon-ssm-agent restart # or # aws ssm send-command --instance-ids i-xxxxxxxxxx --document-name AWS-UpdateSSMAgent # # #3 Connect to ec2 instance # # AWS_PROFILE='default' ssh ec2-user@i-xxxxxxxxxx # ################################################################################ DEFAULT_SSH_PUBLIC_KEY_PATHS="${HOME}/.ssh/id_rsa.pub ${HOME}/.ssh/id_ed25519.pub" SSH_PUBLIC_KEY_TIMEOUT=5 SSH_USER_DEFAULT=ec2-user SSH_PORT_DEFAULT=22 main() { args=($@) local cmd=${args[0]-install} local install_location=${args[1]-~/.ssh/aws-ssm-ec2-proxy-command.sh} local ec2_instance_id=${args[0]} local ssh_user=${args[1]-$SSH_USER_DEFAULT} local 
ssh_port=${args[2]-$SSH_PORT_DEFAULT} usage=" Usage:\n aws-ssm-ec2-proxy-command.sh install [install-location (default ~/.ssh)]\n aws-ssm-ec2-proxy-command.sh connect i-xxxxxxx [ssh-username] [ssh-port]\n " if [[ "install" == $cmd ]] ; then install $install_location exit 0 else if [[ -z $ec2_instance_id ]] ; then echo -e $usage exit 1 fi cleanup connect $ec2_instance_id $ssh_user $ssh_port exit 0 fi } install_aws_cli() { if [[ -n `which aws` ]] ; then return fi echo echo "Installing AWS CLI ..." if [[ -n `which python3` ]] ; then sudo pip3 install --prefix=/usr/local awscli elif [[ -n `which python` ]] ; then sudo pip install --prefix=/usr/local awscli else echo "You need python installed!" exit 1 fi echo } install_aws_cli_session_manager_plugin() { if [[ -n `which session-manager-plugin` ]] ; then return fi echo "Installing AWS CLI session-manager-plugin ..." uname=`uname -a` if [[ -n `echo $uname | grep Darwin` ]] ; then curl "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/mac/sessionmanager-bundle.zip" -o "/tmp/sessionmanager-bundle.zip" unzip -d /tmp/ /tmp/sessionmanager-bundle.zip sudo /tmp/sessionmanager-bundle/install -i /usr/local/sessionmanagerplugin -b /usr/local/bin/session-manager-plugin rm /tmp/session-manager-plugin-bundle.zip.deb elif [[ -n `echo $uname | grep Ubuntu` ]] ; then curl "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/ubuntu_64bit/session-manager-plugin.deb" -o "/tmp/session-manager-plugin.deb" sudo dpkg -i /tmp/session-manager-plugin.deb rm /tmp/session-manager-plugin.deb else echo "Don't know how to install session-manager-plugin for your system - please do so manually" exit 1 fi } cleanup() { # Cleanup any stale running session managers - these may cause us to hang later when trying to connect pkill session-manager-plugin } install() { local install_location=$1 install_aws_cli install_aws_cli_session_manager_plugin mkdir -p `dirname $install_location` cp $0 $install_location # Update ssh config, if 
needed if [[ -z `grep 'Host i-\*' ~/.ssh/config` ]] ; then echo "Updating ~/.ssh/config to use the script as ProxyCommand for 'ssh i-*'" echo " Host i-* mi-* ssm-jumphost User ${SSH_USER_DEFAULT} ProxyCommand ${install_location} %h %r %p " >> ~/.ssh/config fi echo "Installed to ${install_location}" } get_ssh_public_key() { # Try to get an public ssh key from 'ssh agent' ssh_public_key="$(keys="$(ssh-add -L 2>/dev/null)" && echo $keys | head -1)" if [[ -n "$ssh_public_key" ]]; then ssh_public_key_source='ssh agent' else # Try read public ssh key from '${DEFAULT_SSH_PUBLIC_KEY_PATHS}' for ssh_public_key_path in $DEFAULT_SSH_PUBLIC_KEY_PATHS; do ssh_public_key="$([[ -e "${ssh_public_key_path}" ]] && cat "${ssh_public_key_path}")" if [[ -n "$ssh_public_key" ]]; then ssh_public_key_source="${ssh_public_key_path}" fi done fi # Try getting ANY ssh key in ~/.ssh # If found - start ssh-agent and add it if [[ -z "${ssh_public_key}" ]]; then for ssh_public_key_path in $(ls ~/.ssh/*.pub 2>/dev/null); do # Check we have (what looks like) the corresponding private key ssh_private_key_path="$(dirname $ssh_public_key_path)/$(basename $ssh_public_key_path .pub)" if [[ -e "$ssh_private_key_path" ]] ; then ssh_public_key="$(cat ${ssh_public_key_path})" ssh-agent echo "Adding ${ssh_private_key_path} to ssh-agent ..." 
ssh-add ${ssh_private_key_path} break fi done fi if [[ -z "$ssh_public_key" ]]; then echo "No ssh key present in ssh agent nor ~/.ssh/" exit 1 fi echo $ssh_public_key } connect() { local ec2_instance_id=$1 local ssh_user=$2 local ssh_port=$3 local ssh_public_key=$(get_ssh_public_key) aws ssm send-command \ --instance-ids "${ec2_instance_id}" \ --document-name 'AWS-RunShellScript' \ --parameters commands="\" sudo su mkdir -p ~${ssh_user}/.ssh chown -R ${ssh_user}:${ssh_user} ~${ssh_user}/.ssh cd ~${ssh_user}/.ssh || exit 1 grep -F '${ssh_public_key}' authorized_keys || echo '${ssh_public_key} ssm-session' >> authorized_keys sleep ${SSH_PUBLIC_KEY_TIMEOUT} grep -v -F '${ssh_public_key}' authorized_keys > .tmp.authorized_keys mv .tmp.authorized_keys authorized_keys \"" \ --comment "grant ssh access for ${SSH_PUBLIC_KEY_TIMEOUT} seconds" # Start SSM SSH session aws ssm start-session \ --target "${ec2_instance_id}" \ --document-name "AWS-StartSSHSession" \ --parameters "portNumber=${ssh_port}" } main "$@" -
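Review bot: connect() captures `local ssh_public_key=$(get_ssh_public_key)`, but get_ssh_public_key() writes more than the key to stdout: in the ~/.ssh fallback loop the bare `ssh-agent` call prints its shell-export lines there (and does not change this shell's environment), and `echo "Adding ${ssh_private_key_path} to ssh-agent ..."` is printed there too, so the captured value is those lines plus the key, and that whole string is interpolated into the remote authorized_keys commands. Send the progress message to stderr (`echo "Adding ${ssh_private_key_path} to ssh-agent ..." >&2`) and drop or redirect the `ssh-agent` output so only the key reaches stdout. Separately, the remote `grep -v -F '${ssh_public_key}' authorized_keys` removes every line containing the key, including an entry the user had installed permanently before this script ran; only the line this script appended should be removed, e.g. `grep -v -F '${ssh_public_key} ssm-session' authorized_keys`. The same unconditional removal is present in the earlier Feb 4, Aug 15, Aug 14 and Aug 13 revisions of this file.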
rdkls revised this gist
Feb 4, 2020 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -60,7 +60,7 @@ fi ssh_public_key_timeout=10 # Try to get an public ssh key from 'ssh agent' ssh_public_key="$(keys="$(ssh-add -L 2>/dev/null)" && echo $keys | head -1)" if [[ -n "$ssh_public_key" ]]; then ssh_public_key_source='ssh agent' else -
rdkls revised this gist
Feb 4, 2020 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -16,7 +16,7 @@ # - Make it executable (chmod +x ~/.ssh/aws-ssm-ec2-proxy-command.sh) # # #4 Setup SSH Config # - Add following entry to your ~/.ssh/config # # host i-* mi-* ssm-jumphost # ProxyCommand ~/.ssh/aws-ssm-ec2-proxy-command.sh %h %r %p -
rdkls revised this gist
Feb 4, 2020 . 1 changed file with 33 additions and 12 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,5 +1,4 @@ #!/usr/bin/env sh # Description # Bootstrap SSH Session to an SSM-managed instance # by temporarily adding a public SSH key available on the local machine (ssh-agent or in ~/.ssh) @@ -41,8 +40,10 @@ ec2_instance_id="$1" ssh_user="${2:-ec2-user}" ssh_port="${3-22}" ssh_public_key_paths="${HOME}/.ssh/id_rsa.pub ${HOME}/.ssh/id_ed25519.pub" # Cleanup any stale running session managers - these may cause us to hang later when trying to connect pkill session-manager-plugin # A magic hostname when we don't know/care about the intermediate jump host # just want to retrieve him via ec2 instance tag @@ -52,7 +53,7 @@ jumphost_hostname="ssm-jumphost" jumphost_tagname_true="SSM-Jumphost" if [[ "$ec2_instance_id" == $jumphost_hostname ]] ; then ec2_instance_id=`aws --output text ec2 describe-instances --filters Name=tag:$jumphost_tagname_true,Values=True --query "Reservations[0].Instances[0].InstanceId"` fi # Temporary add your public SSH key to authorized_keys on target instance 
@@ -63,14 +64,34 @@ ssh_public_key="$(keys="$(ssh-add -L)" && echo $keys | head -1)" if [[ -n "$ssh_public_key" ]]; then ssh_public_key_source='ssh agent' else # Try read public ssh key from '${ssh_public_key_paths}' for ssh_public_key_path in $ssh_public_key_paths; do ssh_public_key="$([[ -e "${ssh_public_key_path}" ]] && cat "${ssh_public_key_path}")" if [[ -n "$ssh_public_key" ]]; then ssh_public_key_source="${ssh_public_key_path}" fi done fi # Try getting ANY ssh key in ~/.ssh # If found - start ssh-agent and add it if [[ -z "${ssh_public_key}" ]]; then for ssh_public_key_path in $(ls ~/.ssh/*.pub 2>/dev/null); do # Check we have (what looks like) the corresponding private key ssh_private_key_path="$(dirname $ssh_public_key_path)/$(basename $ssh_public_key_path .pub)" if [[ -e "$ssh_private_key_path" ]] ; then ssh_public_key="$(cat ${ssh_public_key_path})" ssh-agent echo "Adding ${ssh_private_key_path} to ssh-agent ..." ssh-add ${ssh_private_key_path} break fi done fi if [[ -z "$ssh_public_key" ]]; then echo "No ssh key present in ssh agent nor ~/.ssh/" exit 1 fi echo "Temporary add your public ssh key from '$ssh_public_key_source' to authorized_keys on target instance ${ec2_instance_id}" -
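Review bot: The new key-discovery code uses `[[ ... ]]` and `==` under the `#!/usr/bin/env sh` shebang shown at the top of the first hunk, so on systems where sh is dash the script stops with `[[: not found` before it reaches ssh-add; either change the shebang to bash or use POSIX `[ ]` tests (the Oct 21 revision that adds the jumphost lookup has the same issue). The fallback loop also runs a bare `ssh-agent`, which prints export lines to stdout but does not make that agent available to the `ssh-add` on the next line, and `for ssh_public_key_path in $(ls ~/.ssh/*.pub 2>/dev/null)` should be the plain glob `for ssh_public_key_path in ~/.ssh/*.pub`. The added `pkill session-manager-plugin` terminates every session-manager-plugin process owned by the user, not only stale ones, so any other SSM session open in another terminal is dropped each time this ProxyCommand runs.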
rdkls revised this gist
Oct 21, 2019 . 1 changed file with 2 additions and 2 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -19,7 +19,7 @@ # #4 Setup SSH Config # - Add foolowing entry to your ~/.ssh/config # # host i-* mi-* ssm-jumphost # ProxyCommand ~/.ssh/aws-ssm-ec2-proxy-command.sh %h %r %p # # #5 Ensure SSM Permissions of Target Instance Profile @@ -44,7 +44,7 @@ ssh_port="${3-22}" #ssh_public_key_path="${HOME}/.ssh/id_rsa.pub" ssh_public_key_path="${HOME}/.ssh/id_ed25519.pub" # A magic hostname when we don't know/care about the intermediate jump host # just want to retrieve him via ec2 instance tag jumphost_hostname="ssm-jumphost" -
rdkls revised this gist
Oct 21, 2019 . 1 changed file with 18 additions and 2 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,6 +1,10 @@ #!/usr/bin/env sh # Description # Bootstrap SSH Session to an SSM-managed instance # by temporarily adding a public SSH key available on the local machine (ssh-agent or in ~/.ssh) # # Usage # # #1 Install the AWS CLI # https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html @@ -37,7 +41,19 @@ ec2_instance_id="$1" ssh_user="${2:-ec2-user}" ssh_port="${3-22}" #ssh_public_key_path="${HOME}/.ssh/id_rsa.pub" ssh_public_key_path="${HOME}/.ssh/id_ed25519.pub" # A magic name when we don't know/care about the intermediate jump host # just want to retrieve him via ec2 instance tag jumphost_hostname="ssm-jumphost" # An EC2 instance Tag that should have vale = True to denote this as an SSM Jumpbox jumphost_tagname_true="SSM-Jumphost" if [[ "$ec2_instance_id" == $jumphost_hostname ]] ; then ec2_instance_id=`aws --output text ec2 describe-instances --filters Name=tag:$jumphost_tagname_true,Values=True --query "Reservations[0].Instances[0].InstanceId"` fi # Temporary add your public SSH key to authorized_keys on target instance ssh_public_key_timeout=10 -
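Review bot: The `ssm-jumphost` resolution trusts whichever instance carries the `SSM-Jumphost=True` tag and takes `Reservations[0].Instances[0]`, so any principal able to tag instances in the account can steer the connection to an instance of their choosing, and when several instances carry the tag the choice is arbitrary; the header comment should state that this tag is a trust boundary and the lookup should at least filter on a running state. When no instance matches, `--output text` prints `None` for the empty query result, and the script then sends the key and starts a session against the literal target `None` instead of failing; guard it with `[[ -n "$ec2_instance_id" && "$ec2_instance_id" != None ]] || exit 1`. The new comment's `vale` should read `value`.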
rdkls revised this gist
Oct 21, 2019 . 1 changed file with 3 additions and 2 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -34,8 +34,9 @@ ################################################################################ ec2_instance_id="$1" ssh_user="${2:-ec2-user}" ssh_port="${3-22}" ssh_public_key_path="${HOME}/.ssh/id_rsa.pub" # Temporary add your public SSH key to authorized_keys on target instance -
rdkls revised this gist
Oct 21, 2019 . 1 changed file with 0 additions and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,5 +1,4 @@ #!/usr/bin/env sh ######## Usage ################################################################# # -
qoomon revised this gist
Oct 9, 2019 . 1 changed file with 17 additions and 2 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -41,8 +41,23 @@ ssh_public_key_path="${HOME}/.ssh/id_rsa.pub" # Temporary add your public SSH key to authorized_keys on target instance ssh_public_key_timeout=10 # Try to get an public ssh key from 'ssh agent' ssh_public_key="$(keys="$(ssh-add -L)" && echo $keys | head -1)" if [[ -n "$ssh_public_key" ]]; then ssh_public_key_source='ssh agent' else # Try read public ssh key from '${ssh_public_key_path}' ssh_public_key="$([[ -e "${ssh_public_key_path}" ]] && cat "${ssh_public_key_path}")" if [[ -n "$ssh_public_key" ]]; then ssh_public_key_source="${ssh_public_key_path}" else echo "No ssh key present in ssh agent nor at ${ssh_public_key_path}" exit 1 fi fi echo "Temporary add your public ssh key from '$ssh_public_key_source' to authorized_keys on target instance ${ec2_instance_id}" aws ssm send-command \ --instance-ids "${ec2_instance_id}" \ --document-name 'AWS-RunShellScript' \ -
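Review bot: `ssh_public_key="$(keys="$(ssh-add -L)" && echo $keys | head -1)"` does not select the first agent key: the unquoted `echo $keys` word-splits the multi-line output and re-joins it into a single line, so with two or more identities loaded `head -1` returns all of them concatenated, and that whole string is what gets appended to authorized_keys on the instance. Quote the expansion (`echo "$keys" | head -n 1`) or use `ssh-add -L | head -n 1` directly. The same expression is carried into the later Feb 4 and Feb 5 revisions.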
qoomon revised this gist
Oct 9, 2019 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,5 +1,5 @@ #!/usr/bin/env sh set -euo pipefail ######## Usage ################################################################# # -
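Review bot: `set -euo pipefail` sits under `#!/usr/bin/env sh`; `pipefail` is not an option in traditional POSIX sh implementations such as dash, where `-o pipefail` is rejected as an illegal option and the script exits on this line. Either switch the shebang to bash, or keep `set -eu` (the portable subset) and check the `ssh-add -L | head` pipeline's status explicitly.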
qoomon revised this gist
Oct 9, 2019 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,5 +1,5 @@ #!/usr/bin/env sh set -eu pipefail ######## Usage ################################################################# # -
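Review bot: `set -eu pipefail` passes `pipefail` as a positional parameter rather than enabling the option, so after this line `$1` is the word `pipefail` and the `ec2_instance_id="$1"` assignment further down receives it instead of the instance id, with the real arguments shifted out. The intended form is `set -eu -o pipefail`, subject to the shell named in the shebang actually supporting that option.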
qoomon revised this gist
Oct 9, 2019 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -42,7 +42,7 @@ ssh_public_key_path="${HOME}/.ssh/id_rsa.pub" # Temporary add your public SSH key to authorized_keys on target instance ssh_public_key_timeout=10 ssh_public_key="$(cat "${ssh_public_key_path}")" echo "Temporary add your public ssh key ${ssh_public_key_path} to authorized_keys on target instance ${ec2_instance_id}" aws ssm send-command \ --instance-ids "${ec2_instance_id}" \ --document-name 'AWS-RunShellScript' \ -
qoomon revised this gist
Oct 2, 2019 . 1 changed file with 2 additions and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -25,9 +25,10 @@ set -eu # # #6 Ensure latest SSM Agent on Target Instance # # Is preinstalled on all amazon linux AMIs, however may needs to be updated # yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm & service amazon-ssm-agent restart # # #7 Finally connect to ec2 instance # # AWS_PROFILE='default' ssh ec2-user@i-xxxxxxxxxxxxxxxx # -
qoomon revised this gist
Oct 2, 2019 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -19,7 +19,7 @@ set -eu # host i-* mi-* # ProxyCommand ~/.ssh/aws-ssm-ec2-proxy-command.sh %h %r %p # # #5 Ensure SSM Permissions of Target Instance Profile # # https://docs.aws.amazon.com/systems-manager/latest/userguide/setup-instance-profile.html # -
qoomon revised this gist
Aug 15, 2019 . 1 changed file with 5 additions and 4 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -36,19 +36,20 @@ set -eu ec2_instance_id="$1" ssh_user="${2}" ssh_port="${3}" ssh_public_key_path="${HOME}/.ssh/id_rsa.pub" # Temporary add your public SSH key to authorized_keys on target instance ssh_public_key_timeout=10 ssh_public_key="$(cat "${ssh_public_key_path}")" echo "Temporary add your ssh key ${ssh_public_key_path} to authorized_keys on target instance ${ec2_instance_id}" aws ssm send-command \ --instance-ids "${ec2_instance_id}" \ --document-name 'AWS-RunShellScript' \ --parameters commands="\" cd ~${ssh_user}/.ssh || exit 1 grep -F '${ssh_public_key}' authorized_keys || echo '${ssh_public_key} ssm-session' >> authorized_keys sleep ${ssh_public_key_timeout} grep -v -F '${ssh_public_key}' authorized_keys > .tmp.authorized_keys mv .tmp.authorized_keys authorized_keys \"" \ --comment "grant ssh access for ${ssh_public_key_timeout} seconds" -
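Review bot: The new `echo "Temporary add your ssh key ${ssh_public_key_path} to authorized_keys on target instance ${ec2_instance_id}"` writes to stdout, and when ssh runs this script as a ProxyCommand stdout is the stream ssh reads the server side of the connection from. Progress messages should go to stderr, `printf '%s\n' "Temporary add ..." >&2`, so that only session data is written to stdout.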
qoomon revised this gist
Aug 14, 2019 . 1 changed file with 3 additions and 3 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -34,8 +34,8 @@ set -eu ################################################################################ ec2_instance_id="$1" ssh_user="${2}" ssh_port="${3}" ssh_puplic_key_path="${HOME}/.ssh/id_rsa.pub" # Temporary add your public SSH key to authorized_keys on target instance @@ -45,7 +45,7 @@ aws ssm send-command \ --instance-ids "${ec2_instance_id}" \ --document-name 'AWS-RunShellScript' \ --parameters commands="\" cd ~${ssh_user}/.ssh || exit 1 grep -F '${ssh_puplic_key}' authorized_keys || echo '${ssh_puplic_key} ssm-session' >> authorized_keys sleep ${ssh_public_key_timeout} grep -v -F '${ssh_puplic_key}' authorized_keys > .tmp.authorized_keys -
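Review bot: `ssh_user="${2}"` and `ssh_port="${3}"` drop the defaults the previous revision had, and with `set -eu` in effect (shown in the hunk header) an invocation that omits the user or port now dies with an unbound-variable error instead of a usage message. Keep defaults (`ssh_user="${2:-ec2-user}"`, `ssh_port="${3:-22}"`) or print usage and exit when `$#` is below 3. The added `|| exit 1` after `cd ~${ssh_user}/.ssh` is right, but as far as I can tell `aws ssm send-command` returns once the command is queued, so the local side still starts the session even when that remote script exits early.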
qoomon revised this gist
Aug 14, 2019 . 1 changed file with 9 additions and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -19,7 +19,15 @@ set -eu # host i-* mi-* # ProxyCommand ~/.ssh/aws-ssm-ec2-proxy-command.sh %h %r %p # # #5 Ensure SSM Permissions fo Target Instance Profile # # https://docs.aws.amazon.com/systems-manager/latest/userguide/setup-instance-profile.html # # #6 Ensure latest SSM Agent on Target Instance # # yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm & service amazon-ssm-agent restart # # #7 Open SSH Connection # # AWS_PROFILE='default' ssh ec2-user@i-xxxxxxxxxxxxxxxx # -
qoomon created this gist
Aug 13, 2019 .There are no files selected for viewing
@@ -0,0 +1,52 @@ #!/usr/bin/env sh set -eu ######## Usage ################################################################# # # #1 Install the AWS CLI # https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html # # #2 Install the Session Manager Plugin for the AWS CLI # https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html # # #3 Install ProxyCommand # - Move this script to ~/.ssh/aws-ssm-ec2-proxy-command.sh # - Make it executable (chmod +x ~/.ssh/aws-ssm-ec2-proxy-command.sh) # # #4 Setup SSH Config # - Add foolowing entry to your ~/.ssh/config # # host i-* mi-* # ProxyCommand ~/.ssh/aws-ssm-ec2-proxy-command.sh %h %r %p # # #5 Open SSH Connection # # AWS_PROFILE='default' ssh ec2-user@i-xxxxxxxxxxxxxxxx # ################################################################################ ec2_instance_id="$1" ssh_user="${2:-${USER}}" ssh_port="${3:-20}" ssh_puplic_key_path="${HOME}/.ssh/id_rsa.pub" # Temporary add your public SSH key to authorized_keys on target instance ssh_public_key_timeout=10 ssh_puplic_key="$(cat "${ssh_puplic_key_path}")" aws ssm send-command \ --instance-ids "${ec2_instance_id}" \ --document-name 'AWS-RunShellScript' \ --parameters commands="\" cd ~${ssh_user}/.ssh grep -F '${ssh_puplic_key}' authorized_keys || echo '${ssh_puplic_key} ssm-session' >> authorized_keys sleep ${ssh_public_key_timeout} grep -v -F '${ssh_puplic_key}' authorized_keys > .tmp.authorized_keys mv .tmp.authorized_keys authorized_keys \"" \ --comment "grant ssh access for ${ssh_public_key_timeout} seconds" # Start SSM SSH session aws ssm start-session \ --target "${ec2_instance_id}" \ --document-name 'AWS-StartSSHSession' \ --parameters "portNumber=${ssh_port}"
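Review bot: `ssh_port="${3:-20}"` defaults to port 20, which is not the SSH default; the ProxyCommand entry passes `%p` so it rarely takes effect, but a by-hand call silently gets the wrong port (`ssh_port="${3:-22}"`). In the remote script `cd ~${ssh_user}/.ssh` has no failure check, so when that directory does not exist the following `grep`/`echo` run in the SSM agent's working directory and create an `authorized_keys` file there; guard it with `cd ~${ssh_user}/.ssh || exit 1`. The `ssh_puplic_key` spelling in the variable names is presumably a typo of `public`; it is consistent within this revision, so it is only a readability issue here.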