ec2login - A simple bash script to securely log in to an EC2 instance via SSH from a client machine sitting behind NAT
#!/bin/bash
# NOTE : This is a very rudimentary and dumb script. With little more work this can be made to accept
# command line arguments which override those specified in the setup.sh file

# Cache file for the client's public IP address; written by fetch_public_ip and
# re-read by the main flow. NOTE(review): this is a fixed path under /tmp that any
# local user can pre-create or overwrite, so the value read back from it should be
# validated before it is used in a security-group rule.
public_ip_file=/tmp/public_ip_address

# Only the first command line argument is honoured (--help/-h or --clean/-c).
first_arg=${1-}
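#######################################
# Fetch the client's public IP address and cache it in $public_ip_file.
# Globals:   public_ip_file (read)
# Outputs:   progress message on stdout, errors on stderr
# Returns:   0 when a dotted-quad IPv4 address was written to the cache,
#            1 when the lookup failed or returned something else
#######################################
fetch_public_ip() {
  local tmp_file response
  echo "Fetching public ip address from the ifconfig.me service"
  # Write to a temp file next to the cache and rename it into place: the cache
  # path is predictable, so never write through it directly (it could be a
  # symlink planted by another local user).
  tmp_file=$(mktemp "${public_ip_file}.XXXXXX") || return 1
  # -f: fail on HTTP errors instead of caching an error page. https: the answer
  # ends up in a security-group rule, so a plain-HTTP reply is not acceptable.
  if ! curl -fsS https://ifconfig.me > "$tmp_file"; then
    printf 'ERROR : Could not fetch the public ip address\n' >&2
    rm -f -- "$tmp_file"
    return 1
  fi
  response=$(<"$tmp_file")
  # Only a dotted-quad IPv4 address is accepted: the value is interpolated into
  # the CIDR argument of ec2-authorize / ec2-revoke.
  if [[ ! $response =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
    # %q shell-quotes the reply so control characters from the service cannot
    # reach the terminal unescaped.
    printf 'ERROR : Unexpected reply from the ip lookup service: %q\n' "$response" >&2
    rm -f -- "$tmp_file"
    return 1
  fi
  mv -f -- "$tmp_file" "$public_ip_file"
}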
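#######################################
# Undo what the login flow set up: close port 22 for this client's address and
# unload the ssh key from ssh-agent. A failing step is reported but does not
# abort, so the second step still runs when the first one fails.
# Globals:   EC2_GROUP_NAME, EC2_SSH_KEY_FILENAME, public_ip_address (read)
# Outputs:   progress messages on stdout, warnings on stderr
# Returns:   0 when both steps succeeded, 1 otherwise
#######################################
clean_up() {
  local rv=0
  echo "Cleaning up the environment"
  echo ""
  echo "De-authorizing the client for ssh access on port 22"
  # Never revoke with an empty address: "-s /32" is not the rule that was
  # authorized, so the port would silently stay open for the real address.
  if [[ -z $public_ip_address ]]; then
    printf 'WARNING : public ip address unknown, port 22 (ssh) rule was not revoked\n' >&2
    rv=1
  elif ! ec2-revoke "$EC2_GROUP_NAME" -P tcp -p 22 -s "${public_ip_address}/32"; then
    printf 'WARNING : There was a problem revoking port 22 (ssh) access for %s\n' "$public_ip_address" >&2
    rv=1
  fi
  echo "Removing the ssh key from ssh-agent"
  # ssh-add -d needs the matching .pub file next to the private key (see print_info).
  if ! ssh-add -d "$EC2_SSH_KEY_FILENAME"; then
    printf 'WARNING : There was a problem removing the ssh key from ssh-agent\n' >&2
    rv=1
  fi
  return "$rv"
}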
#######################################
# Run clean_up only when the user asked for it with --clean or -c.
# Globals:   first_arg (read)
# Outputs:   one "Checking ... YES/NO" progress line on stdout
# Returns:   clean_up's status when it ran, 0 otherwise
#######################################
try_clean_up() {
  printf "Checking if clean up is requested"
  case $first_arg in
    --clean|-c)
      printf "................................... YES\n"
      clean_up
      ;;
    *)
      printf "................................... NO\n"
      ;;
  esac
}
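#######################################
# Print the usage text, option list and the description of what the script does
# and depends on. The dependency list names ifconfig.me, which is the service
# fetch_public_ip actually queries.
# Outputs:   help text on stdout
#######################################
print_info() {
  # Quoted delimiter: the text is printed literally, nothing is expanded.
  cat <<'EOF'

Usage :
ec2login

Options : Accepts only one option at a time
--help or -h - Print this help info
--clean or -c - De-authorize the client for port 22 (ssh) access and remove the private key after the ssh session ends

ec2login - A simple bash script to securely login to an EC2 instance machine via SSH sitting behind NAT router.

By : Brahmana (https://github.com/brahmana)
Gist available at : https://gist.github.com/1710065

This script opens up the port 22 on the target machine for this client ip using the EC2 command line tools,
adds the private key specified to the ssh-agent and logs into the remote machine via SSH.
After the ssh sessions ends - successfully or abruptly, this script closes the port 22 for this client ip
and removes the private key from the ssh-agent.

For the key removal to work the public file should be present in a file with the same name as the private key with
an additional suffix of .pub. Without this the rest of the script will work, but the key will not be removed at the end

This script depends on : 
* Availability of EC2 command line tools in the PATH.
* A running instance of ssh-agent and availability of the ssh-add utility.
* The ifconfig.me web service to determine the public IP address of this client
* A bunch of pre-defined shell variables explained below


EOF
}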
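#######################################
# Print the setup.sh template the script needs in the current directory.
# Outputs:   help text on stdout
#######################################
print_help() {
  # Quoted delimiter: the <placeholders> and $-free text are printed literally.
  cat <<'EOF'
This script depends on a setup.sh file in the current directory
Create a setup.sh file with the following entries and place it in the current directory

export EC2_CERT=<path-to-ec2-certificate-file-for-this-account>
export EC2_PRIVATE_KEY=<path-to-ec2-private-key-file-for-this-account>
export EC2_GROUP_NAME=<EC2 security group name to which the machine belongs>
export EC2_SSH_KEY_FILENAME=<path-to-ssh-private-key-file>
export EC2_MACHINE_USERNAME=<username-for-ssh-login>
export EC2_MACHINE_HOSTNAME=<target-machine-hostname>

Note : setup.sh is sourced (executed) by this script, so keep it owned by you and not writable by other users.

EOF
}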
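# ---- main flow ---------------------------------------------------------------

if [[ $first_arg == '--help' || $first_arg == '-h' ]]; then
  print_info
  print_help
  exit 0
fi

# setup.sh is sourced, i.e. executed with this user's privileges, so only run the
# script from a directory whose setup.sh you trust. The explicit ./ prefix matters:
# a bare ". setup.sh" makes bash search PATH before the current directory.
if [[ -f ./setup.sh ]]; then
  echo "Setting up AWS environment for this account"
  . ./setup.sh
else
  print_help
  exit 1
fi

#######################################
# Abort with a hint when a variable that setup.sh must export is empty or unset.
# Arguments: $1 - variable name
#            $2 - short description of what is missing
#            $3 - example setup.sh line to print
# Outputs:   the hint on stderr; exits with status 1 when the variable is empty
#######################################
require_setting() {
  if [[ -z ${!1} ]]; then
    printf '%s. Set the variable %s in setup.sh and export it\n' "$2" "$1" >&2
    printf '%s\n' "$3" >&2
    exit 1
  fi
}

echo "Checking for necessary environment"
require_setting EC2_GROUP_NAME 'No EC2 Group specified' \
  'export EC2_GROUP_NAME=<EC2 security group name to which the machine belongs>'
require_setting EC2_SSH_KEY_FILENAME 'No ssh file specified' \
  'export EC2_SSH_KEY_FILENAME=<path-to-ssh-private-key-file>'
require_setting EC2_MACHINE_USERNAME 'Username for ssh login not specified' \
  'export EC2_MACHINE_USERNAME=<username-for-ssh-login>'
require_setting EC2_MACHINE_HOSTNAME 'Target machine hostname not specified' \
  'export EC2_MACHINE_HOSTNAME=<target-machine-hostname>'

echo "Reading public ip address of the client"
# Re-use a cached address for up to 300 seconds so the lookup service is not hit
# on every login (the service originally used rate-limited to one hit per 300 s).
readonly cache_max_age=300
if [[ -f $public_ip_file ]]; then
  current_time=$(date +%s)
  last_modified_time=$(stat --format=%Y -- "$public_ip_file")
  if (( current_time - last_modified_time > cache_max_age )); then
    fetch_public_ip
  else
    echo "Locally cached public ip address is less than ${cache_max_age} seconds old. If you want to force a refresh delete the file ${public_ip_file}"
  fi
else
  fetch_public_ip
fi
public_ip_address=$(<"$public_ip_file")

# The cache lives at a fixed path in /tmp that any local user can write to, and
# its content becomes part of a security-group rule: accept only a dotted-quad
# IPv4 address so nothing else can end up in the ec2-authorize arguments.
if [[ ! $public_ip_address =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
  printf 'ERROR : %s does not contain a valid IPv4 address. Delete it and run the script again\n' "$public_ip_file" >&2
  exit 1
fi

echo "Authorizing current client for ssh access on port 22"
if ! ec2-authorize "$EC2_GROUP_NAME" -P tcp -p 22 -s "${public_ip_address}/32"; then
  # Deliberately a warning only: the rule may already exist from an earlier run.
  printf '\nWARNING : There was a problem authorizing the client for port 22 (ssh) access\n' >&2
fi

echo "Adding the RSA private key to ssh-agent"
if ! ssh-add "$EC2_SSH_KEY_FILENAME"; then
  printf '\nERROR : There was a problem adding the private key file to ssh-agent. Quitting\n' >&2
  try_clean_up
  # Exit with a failure status regardless of what try_clean_up returned; propagating
  # its status turned this error into a successful exit whenever no clean up was requested.
  exit 1
fi

echo "Logging in to the remote machine via ssh"
ssh "${EC2_MACHINE_USERNAME}@${EC2_MACHINE_HOSTNAME}"
echo "Back from ssh session"
# Clean up runs only on request (--clean / -c); see try_clean_up.
try_clean_up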