A very simple script that queries the AWS EC2 API with boto and generates a SSH config file ready to use. There are a few similar scripts around but I couldn't find one that would satisfy all my wish list:
- Connect to all regions at once
- Do AMI -> user lookup (regexp-based)
- Support public/private IP addresses (for VPNs and VPCs)
- Support multiple instances with same tags (e.g. autoscaling groups) and provide an incremental count for duplicates based on instance launch time
- Support multiple customizable tags concatenations in a user-provided order
- Support region (with AZ) in the host name concatenation
- Properly leverage tab completion
- Use
pipto load the required modules
pip install -r requirements.txt
This assumes boto is installed and configured. Also, private ssh keys must be copied under ~/.ssh/
Supported arguments:
usage: aws-ssh-config.py [-h] [--default-user DEFAULT_USER] [--keydir KEYDIR]
[--no-identities-only] [--postfix POSTFIX]
[--prefix PREFIX] [--private] [--profile PROFILE]
[--proxy PROXY] [--region]
[--ssh-key-name SSH_KEY_NAME]
[--strict-hostkey-checking] [--tags TAGS]
[--user USER]
[--white-list-region WHITE_LIST_REGION [WHITE_LIST_REGION ...]]
optional arguments:
-h, --help show this help message and exit
--default-user DEFAULT_USER
Default ssh username to use if it can't be detected
from AMI name
--keydir KEYDIR Location of private keys
--no-identities-only Do not include IdentitiesOnly=yes in ssh config; may
cause connection refused if using ssh-agent
--postfix POSTFIX Specify a postfix to append to all host names
--prefix PREFIX Specify a prefix to prepend to all host names
--private Use private IP addresses (public are used by default)
--profile PROFILE Specify AWS credential profile to use
--proxy PROXY Specify a bastion host for ProxyCommand
--region Append the region name at the end of the concatenation
--ssh-key-name SSH_KEY_NAME
Override the ssh key to use
--strict-hostkey-checking
Do not include StrictHostKeyChecking=no in ssh config
--tags TAGS A comma-separated list of tag names to be considered
for concatenation. If omitted, all tags will be used
--user USER Override the ssh username for all hosts
--white-list-region WHITE_LIST_REGION [WHITE_LIST_REGION ...]
Which regions must be included. If omitted, all
regions are considered
By default, it will name hosts by concatenating all tags:
gianluca@sid:~$ python aws-ssh-config.py > ~/.ssh/config
gianluca@sid:~$ cat ~/.ssh/config
Host dev-worker-1
HostName 54.173.109.173
User ec2-user
IdentityFile ~/.ssh/dev.pem
IdentitiesOnly yes
StrictHostKeyChecking no
Host dev-worker-2
HostName 54.173.190.141
User ec2-user
IdentityFile ~/.ssh/dev.pem
IdentitiesOnly yes
StrictHostKeyChecking no
Host prod-worker-1
HostName 54.164.168.30
User ec2-user
IdentityFile ~/.ssh/prod.pem
IdentitiesOnly yes
StrictHostKeyChecking no
Host prod-worker-2
HostName 54.174.115.242
User ubuntu
IdentityFile ~/.ssh/prod.pem
IdentitiesOnly yes
StrictHostKeyChecking no
ssh completion will immediately work:
gianluca@sid:~$ ssh d[TAB]
dev-worker-1
dev-worker-2
If the ssh completion will not immediately work you should add the following script to your .bash_profile
_complete_ssh_hosts ()
{
COMPREPLY=()
cur="${COMP_WORDS[COMP_CWORD]}"
comp_ssh_hosts=`cat ~/.ssh/known_hosts | \
cut -f 1 -d ' ' | \
sed -e s/,.*//g | \
grep -v ^# | \
uniq | \
grep -v "\[" ;
cat ~/.ssh/config | \
grep "^Host " | \
awk '{print $2}'
`
COMPREPLY=( $(compgen -W "${comp_ssh_hosts}" -- $cur))
return 0
}
complete -F _complete_ssh_hosts ssh
and run gianluca@sid:~$ source .bash_profile
It's possible to customize which tags one is interested in, as well as the order used for concatenation:
gianluca@sid:~$ python aws-ssh-config.py --tags Name > ~/.ssh/config
gianluca@sid:~$ cat ~/.ssh/config
Host worker-1
HostName 54.173.109.173
User ec2-user
IdentityFile ~/.ssh/dev.pem
IdentitiesOnly yes
StrictHostKeyChecking no
Host worker-2
HostName 54.173.190.141
User ec2-user
IdentityFile ~/.ssh/dev.pem
IdentitiesOnly yes
StrictHostKeyChecking no
Host worker-3
HostName 54.164.168.30
User ec2-user
IdentityFile ~/.ssh/prod.pem
IdentitiesOnly yes
StrictHostKeyChecking no
Host worker-4
HostName 54.174.115.242
User ubuntu
IdentityFile ~/.ssh/prod.pem
IdentitiesOnly yes
StrictHostKeyChecking no
gianluca@sid:~$ python aws-ssh-config.py --tags Name,Infrastructure > ~/.ssh/config
gianluca@sid:~$ cat ~/.ssh/config
Host worker-dev-1
HostName 54.173.109.173
User ec2-user
IdentityFile ~/.ssh/dev.pem
IdentitiesOnly yes
StrictHostKeyChecking no
Host worker-dev-2
HostName 54.173.190.141
User ec2-user
IdentityFile ~/.ssh/dev.pem
IdentitiesOnly yes
StrictHostKeyChecking no
Host worker-prod-1
HostName 54.164.168.30
User ec2-user
IdentityFile ~/.ssh/prod.pem
IdentitiesOnly yes
StrictHostKeyChecking no
Host worker-prod-2
HostName 54.174.115.242
User ubuntu
IdentityFile ~/.ssh/prod.pem
IdentitiesOnly yes
StrictHostKeyChecking no
By default, the ssh user is calculated from a regular expression based on the AMI name. A default user can be set with --default-user to use if no matches are found, otherwise a warning is printed on standard error and one can edit the script and add the rule to the AMIS_TO_USER dictionary:
gianluca@sid:~$ python aws-ssh-config.py > ~/.ssh/config
Can't lookup user for AMI 'ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-20140926', add a rule to the script
The --user param can also be used to use a single username for all hosts.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent