{ "info": { "author": "Emmanuel Rodriguez", "author_email": "emmanuel.rodriguez@gmail.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 3 - Alpha", "Environment :: Console", "Intended Audience :: Developers", "Intended Audience :: System Administrators", "License :: OSI Approved :: MIT License", "Programming Language :: Python :: 2", "Topic :: System :: Systems Administration" ], "description": "# AWS SSH Proxy\n\nAn ssh `ProxyCommand` utility that allows users to ssh by using the AWS EC2\ninstance names instead of having to remember the random public DNS names used by\nAWS for each instance.\n\nThe idea is that AWS EC2 instance names used will have a more memorable name\nthat users will be remember and share. With this utility it is now possible to\nuse these names as functional host names recognized by ssh and any other command\nthat relies on ssh:\n\n - ssh\n - scp\n - rsync\n - sftp\n - git\n - FUSE\n - Gnome's VFS\n\n \n# Installation\n\nTo install it run:\n\n```\npip install aws-ssh-proxy\n```\n\nThen update your ssh configuration `~/.ssh/config` with:\n\n```\nHost *\n ProxyCommand aws-ssh-proxy %h %p\n```\n\nYou might want to update your ssh configuration with a more specific rule.\nSee the rest of the document for a more elaborate setup.\n\n# How it works\n\nIn order to use this command with ssh it is required that the argument\n`ProxyCommand` is used. This will instruct ssh to request at the program passed\nto establish the connection to the remote host.\n\nThis program will then search the list of AWS EC2 instances that are running for\none who's name matches the hostname passed in parameter.\n\nFor the program to work you will need to have your environment setup in order to\nwork with AWS. This usually means that you have the following environment\nvariables defined:\n\n - `AWS_ACCESS_KEY_ID`\n - `AWS_SECRET_ACCESS_KEY`\n\n# SSH Configuration\n\nModify your ssh configuration (`~/.ssh/config`) so that `ProxyCommand` uses\n`aws-ssh-proxy`.\n\nThere are multiple ways to achieve this. In theory the following configuration\nshould work:\n\n```\nHost *\n ProxyCommand aws-ssh-proxy %h %p\n```\n\nAlthough the previous configuration will work it will probably create problems.\nIt is suggested that you read the next section and setup your own configuration.\n\n\n## Advanced usage\n\nIt is best is you restrict the usage to `aws-ssh-proxy` to only the hosts that are\nin AWS. You can achieve this by simply tricking ssh into believing that all\nyour hosts are under the same domain.\n\nThe idea is to pretend that you own a given domain, for instance `.aws` and to\nbuild an ssh rule that matches that domain. You do not need to own the domain\nnor to have your server names with that domain.\n\nAll that you need is to build a rule so that ssh can match connections to there\nand to instruct it what to do:\n\n```\nHost *.aws # Pretend that our servers all end with .aws\n ProxyCommand aws-ssh-proxy --suffix .aws %h %p # Tell ssh to use aws-ssh-proxy to establish the connection\n```\n\nWit this we can now have the following host names in AWS:\n\n - mysql-dev\n - webserver-dev\n\nAnd we can ssh to them with `ssh webserver-dev.aws` and `ssh mysql-dev.aws`. The\n`.aws` suffix is used only for telling which ssh configuration section to\ntrigger.\n\nThe suffix can be anything, in fact it can be even a prefix and it would work\nperfectly well too:\n\n```\nHost aws-*\n ProxyCommand aws-ssh-proxy --prefix aws- %h %p\n```\n\n# Tweaks\n\nYou can customize your ssh connections to your liking. It is possible to combine\nthis with other ssh rules.\n\n## Prefiling the remote username\n\nIf your AWS EC2 instances are all of the same OS or if most are of the same OS\nyou can set the default user name, for instance Ubuntu servers use the username\n`ubuntu` while AWS EC2's Amazon Linux 2 use `ec2-user`.\n\nYou can combine the rules with the `User` directive:\n\n```\nHost *.aws # Pretend that our servers all end with .aws\n User ec2-user # Default username to use\n ProxyCommand aws-ssh-proxy --suffix .aws %h %p # Tell ssh to use aws-ssh-proxy to establish the connection\n```\nYour ssh connection will then default to be done with the remote use `ec2-user`\nand if you have a server with a different user you can still change it by\nproviding the user name in the command line:\n\n```\nssh -l ubuntu ubuntu-box.aws\nssh ubuntu@ubuntu-box.aws\n```\n\n## Avoiding: Remote host identification changed\n\n**NOTE: Be aware that ignoring the server fingerprint can be a security risk!**\n\nAWS EC2 hosts are ephemeral and can be recreated at any time. Since `aws-ssh-proxy`\navoids that users need to remember that DNS public names and that they can rely\non common names it is possible that names will give ssh errors as EC2 instances\nare replaced and the name remains unchanged.\n\nA typical ssh error when connecting to a host that has changed:\n\n```\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\n@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\nIT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!\nSomeone could be eavesdropping on you right now (man-in-the-middle attack)!\nIt is also possible that the RSA host key has just been changed.\nThe fingerprint for the RSA key sent by the remote host is\n00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff.\nPlease contact your system administrator.\nAdd correct host key in ~/.ssh/known_hosts to get rid of this message.\nOffending key in ~/.ssh/known_hosts:1\nRSA host key for 10.11.12.13 has changed and you have requested strict checking.\nHost key verification failed.\n```\n\nIn order to avoid these errors it is possible to disable `StrictHostKeyChecking`.\nNote that this will come at its own security risk. If you're not limiting this\nyour own AWS EC2 servers you can be under a lot of risk!\n\nThe configuration can be done for all hosts.\n\n```\nHost *.aws\n ProxyCommand aws-ssh-proxy --suffix .aws %h %p\n StrictHostKeyChecking no\n UserKnownHostsFile /dev/null\n```\n\n**NOTE: Be aware that ignoring the server fingerprint can be a security risk!**\n\n## Corporate firewall issues; http(s) proxy to the rescue\n\nIf you're behind a corporate firewall that prevents you from using ssh directly to AWS EC2 hosts you can try to use your corporate http(s) to the rescue.\n\n```\nHost *.aws\n User ec2-user\n ProxyCommand aws-ssh-proxy --suffix .aws --auto-proxy %h %p\n```\n\nWith `--auto-proxy` the environment variables for the proxy will be used in order to establish a connection via the proxy.\n\nThis is the equivalent of running:\n\n```\nnc -X connect -x $proxy_host:$proxy_port %h %p\n```\n\n**NOTE: You need netcat BSD to be installed for this to work.**", "description_content_type": "text/markdown", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://gitlab.com/potyl/aws-ssh-proxy/", "keywords": "aws ssh ec2 amazon proxycommand proxy-command", "license": "MIT", "maintainer": "", "maintainer_email": "", "name": "aws-ssh-proxy", "package_url": "https://pypi.org/project/aws-ssh-proxy/", "platform": "", "project_url": "https://pypi.org/project/aws-ssh-proxy/", "project_urls": { "Homepage": "https://gitlab.com/potyl/aws-ssh-proxy/" }, "release_url": "https://pypi.org/project/aws-ssh-proxy/0.0.4/", "requires_dist": null, "requires_python": "", "summary": "ssh proxy command for AWS EC2 instances", "version": "0.0.4" }, "last_serial": 5928215, "releases": { "0.0.2": [ { "comment_text": "", "digests": { "md5": "b4d9f081110fd0998b2e13822cae8d61", "sha256": "8cec8285bd8519391554802f03417a5ba19a9d8ce894251adce9c27cd8fe6169" }, "downloads": -1, "filename": "aws-ssh-proxy-0.0.2.tar.gz", "has_sig": false, "md5_digest": "b4d9f081110fd0998b2e13822cae8d61", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5186, "upload_time": "2018-08-31T07:41:42", "url": "https://files.pythonhosted.org/packages/69/c9/cbf3249e0d63a571625e4335a0ec82117b848133f6e34f01a0ad9a0409f0/aws-ssh-proxy-0.0.2.tar.gz" } ], "0.0.3": [ { "comment_text": "", "digests": { "md5": "db0d505631f85dec8e9aee325ef53e57", "sha256": "f52285a1e8edbadbace4e69e1072c9e019994ce91a3a4179d64f3f6f42f5b96a" }, "downloads": -1, "filename": "aws-ssh-proxy-0.0.3.tar.gz", "has_sig": false, "md5_digest": "db0d505631f85dec8e9aee325ef53e57", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5900, "upload_time": "2019-06-13T07:52:32", "url": "https://files.pythonhosted.org/packages/5a/7c/cff634b7e09191bfed0b65a7f1c175461182c682e05118641e76a47dd65e/aws-ssh-proxy-0.0.3.tar.gz" } ], "0.0.4": [ { "comment_text": "", "digests": { "md5": "b49b8b68cb3824134175f21e40e17183", "sha256": "5f317652bf21bb30c375927828f0f43aa992ae1fbb546150ff44e5482e04d014" }, "downloads": -1, "filename": "aws-ssh-proxy-0.0.4.tar.gz", "has_sig": false, "md5_digest": "b49b8b68cb3824134175f21e40e17183", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5988, "upload_time": "2019-10-04T13:02:11", "url": "https://files.pythonhosted.org/packages/da/03/e3f10de303c80e511a6a4ffc8eefc0a760741b5c57b96e306fa27079b35e/aws-ssh-proxy-0.0.4.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "b49b8b68cb3824134175f21e40e17183", "sha256": "5f317652bf21bb30c375927828f0f43aa992ae1fbb546150ff44e5482e04d014" }, "downloads": -1, "filename": "aws-ssh-proxy-0.0.4.tar.gz", "has_sig": false, "md5_digest": "b49b8b68cb3824134175f21e40e17183", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5988, "upload_time": "2019-10-04T13:02:11", "url": "https://files.pythonhosted.org/packages/da/03/e3f10de303c80e511a6a4ffc8eefc0a760741b5c57b96e306fa27079b35e/aws-ssh-proxy-0.0.4.tar.gz" } ] }