-
Notifications
You must be signed in to change notification settings - Fork 1
/
aws-ssh-connector
executable file
·124 lines (101 loc) · 2.95 KB
/
aws-ssh-connector
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
#!/usr/bin/env bash
#
# $Id$
#
# Simple wrapper around aws tools to connect by instance id
########### CONFIGURATION START ###########
# the bastion base name host
_bastion_base='bastion'
_bastion_end='company.com'
# region map
declare -A _region_map=(
[eu1]=eu-west-1
[us1]=us-west-1
[ap1]=ap-southeast-1
)
# your username on the bastion host
_personal_user='username'
########### CONFIGURATION END ###########
#set -x
set -e
# how we named this thing
_app_name=$( basename $0 )
# first 3 letters are region
_region_short=$( echo ${_app_name} | cut -c 1-3 )
# next 3 is command (support ssh/scp)
_command=$( echo ${_app_name} | cut -c 4- )
# check if we have a valid command
if [ $( echo ${_app_name} | wc -c ) -lt 6 ]; then
# too short command
echo "I don't know how to handle such combination ( region: ${_region_short}, command: ${_command} )"
exit 9
fi
# now get the full names
_full_region=${_region_map[${_region_short}]}
# do we have a region
if [ -z ${_full_region} ] ; then
echo 'I have no valid region'
exit 9
fi
# _temp the $1 and let's start parsing
_temp=${1}
if echo ${_temp} | egrep -q '@' ; then
# so we have a username probably. Assign and cut
_username=$( echo ${_temp} | cut -d\@ -f 1 )
_t=$( echo ${_temp} | cut -d\@ -f 2 )
_temp=${_t}
unset _t
fi
if echo ${_temp} | egrep -q ':' ; then
# we might be trying scp
echo 'scp not fully supported'
_fileinfo=$( echo ${_temp} | cut -d\: -f2- )
_t=$( echo ${_temp} | cut -d\: -f 1 )
_temp=${_t}
unset _t
fi
# now hopefully the host is clean
_host="i-${_temp#i-*}"
shift
echo -en "AWS Region:\t${_full_region}\n"
echo -en "Instance id:\t${_host}\n\n"
# Prep a temporary config file so we can be fancy
mkdir -p ~/.ssh/tempconfs
conf_file=$( mktemp ~/.ssh/tempconfs/${_host}.XXXXXX )
trap "rm -f ${conf_file}" EXIT ERR
#echo ${conf_file}
cat > ${conf_file} <<CONFEND
# final defaults
Host *
SendEnv LC_*
ServerAliveCountMax 5
ServerAliveInterval 30
TCPKeepAlive yes
# VisualHostKey yes
ForwardAgent yes
ConnectTimeout 60
User ${_username:-root}
PreferredAuthentications publickey
IdentitiesOnly yes
IdentityFile ~/.ssh/id_rsa_${_full_region}
StrictHostKeyChecking no
CheckHostIP no
UserKnownHostsFile /dev/null
Host bastion
Hostname ${_bastion_base}.${_full_region}a.${_bastion_end}
User ${_personal_user}
IdentityFile ~/.ssh/id_rsa
CONFEND
# Get the full public name of the instance
instance_addr=$( ec2-describe-instances --region ${_full_region} ${_host} | awk '/INSTANCE/{print $5}' )
if [ -z ${instance_addr} ] ; then exit 9 ; fi
# Finish writing the config file
echo "Host ${_host}" >> ${conf_file}
echo -e "\tHostname ${instance_addr}" >> ${conf_file}
echo -e "\tProxyCommand ssh cc1eu exec nc %h %p 2>/dev/null" >> ${conf_file}
# and now just connect
if [[ "x${_command}x" == "xscpx" ]] ; then
${_command} -F ${conf_file} ${_host}:${_fileinfo} "$@"
else
${_command} -F ${conf_file} ${_host} "$@"
fi