ec2login - A simple bash script to securely log in to an EC2 instance machine via SSH while sitting behind NAT
#!/bin/bash
# NOTE : This is a very rudimentary and dumb script. With a little more work this can be made to accept
# command line arguments which override those specified in the setup.sh file
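# Cache file for the client's public IP address (reused so the lookup service is not hit too often).
# NOTE(review): this is a shared, predictable path in /tmp, so any local user can pre-create or
# overwrite it; a per-user location such as "${XDG_CACHE_HOME:-$HOME/.cache}" would be safer.
readonly public_ip_file='/tmp/public_ip_address'
# Only one option is honoured; "${1-}" keeps the script usable when no argument is given.
first_arg=${1-}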
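#######################################
# Look up this client's public IP address and store it in the cache file.
# Globals:   public_ip_file (written)
# Outputs:   progress messages on stdout, errors on stderr
# Returns:   0 on success, 1 when the lookup failed (no cache file is left behind)
#######################################
fetch_public_ip() {
  echo "Fetching public ip address from ifconfig.me service"
  # -f turns an HTTP error into a non-zero exit instead of caching the error page as an "address";
  # https keeps the value that ends up in a security-group rule from being altered in transit.
  if ! curl -fsS https://ifconfig.me -o "$public_ip_file"; then
    printf '\nERROR : Could not fetch the public ip address\n' >&2
    rm -f -- "$public_ip_file"  # do not leave an empty/partial cache for the next 300 seconds
    return 1
  fi
}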
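#######################################
# Close port 22 for this client again and drop the private key from ssh-agent.
# Globals:   EC2_GROUP_NAME, public_ip_address, EC2_SSH_KEY_FILENAME (read)
# Outputs:   progress messages on stdout, warnings on stderr
# Returns:   0 when both steps succeeded, 1 when at least one of them failed
#######################################
clean_up() {
  local rc=0
  echo "Cleaning up the environment"
  echo ""
  echo "De-authorizing the client for ssh access on port 22"
  if [[ -z $public_ip_address ]]; then
    # Without an address "-s /32" would be meaningless; say so instead of passing garbage on.
    printf '\nWARNING : No public ip address known, cannot revoke the port 22 (ssh) rule\n' >&2
    rc=1
  elif ! ec2-revoke "$EC2_GROUP_NAME" -P tcp -p 22 -s "${public_ip_address}/32"; then
    printf '\nWARNING : There was a problem revoking port 22 (ssh) access, the rule may still be open\n' >&2
    rc=1
  fi
  echo "Removing the ssh key from ssh-agent"
  # ssh-add -d needs the matching .pub file next to the private key (see print_info).
  if ! ssh-add -d "$EC2_SSH_KEY_FILENAME"; then
    printf '\nWARNING : There was a problem removing the private key from ssh-agent\n' >&2
    rc=1
  fi
  return "$rc"
}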
#######################################
# Run clean_up only when the user asked for it with --clean or -c.
# Globals:   first_arg (read)
# Outputs:   a one-line "YES"/"NO" status on stdout
#######################################
try_clean_up() {
  printf "Checking if clean up is requested"
  case "$first_arg" in
    --clean|-c)
      printf "................................... YES\n"
      clean_up
      ;;
    *)
      printf "................................... NO\n"
      ;;
  esac
}
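#######################################
# Print the description, usage and dependencies of this script.
# Outputs:   help text on stdout
#######################################
print_info() {
  # Quoted delimiter: the text is printed literally, nothing is expanded.
  cat <<'EOF'

Usage :
ec2login

Options : Accepts only one option at a time
--help or -h - Print this help info
--clean or -c - De-authorize the client for port 22 (ssh) access and remove the private key after the ssh session ends

ec2login - A simple bash script to securely login to an EC2 instance machine via SSH sitting behind NAT router.

By : Brahmana (https://github.com/brahmana)
Gist available at : https://gist.github.com/1710065

This script opens up the port 22 on the target machine for this client ip using the EC2 command line tools,
adds the private key specified to the ssh-agent and logs into the remote machine via SSH.
After the ssh sessions ends - successfully or abruptly, this script closes the port 22 for this client ip
and removes the private key from the ssh-agent.

For the key removal to work the public file should be present in a file with the same name as the private key with
an additional suffix of .pub. Without this the rest of the script will work, but the key will not be removed at the end

This script depends on : 
* Availability of EC2 command line tools in the PATH.
* A running instance of ssh-agent and availability of the ssh-add utility.
* The ifconfig.me web service to determine the public IP address
* A bunch of pre-defined shell variables explained below


EOF
}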
#######################################
# Explain the setup.sh file the script sources and the variables it must export.
# Outputs:   help text on stdout
#######################################
print_help() {
  # Quoted delimiter: the angle-bracket placeholders are printed literally.
  cat <<'EOF'
This script depends on a setup.sh file in the current directory
Create a setup.sh file with the following entries and place it in the current directory

export EC2_CERT=<path-to-ec2-ceritifcate-file-for-this-account>
export EC2_PRIVATE_KEY=<path-to-ec2-private-key-file-for-this-account>
export EC2_GROUP_NAME=<EC2 security group name to which the machine belongs>
export EC2_SSH_KEY_FILENAME=<path-to-ssh-private-key-file>
export EC2_MACHINE_USERNAME=<username-for-ssh-login>
export EC2_MACHINE_HOSTNAME=<target-machine-hostname>


EOF
}
# Help is the only option that short-circuits the whole script.
case "${first_arg-}" in
  --help|-h)
    print_info
    print_help
    exit 0
    ;;
esac
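# setup.sh is sourced, i.e. executed with this script's privileges, so only run from a directory
# whose setup.sh you trust. The explicit ./ prefix stops bash from resolving a same-named file
# through PATH before looking in the current directory; -r also rejects an unreadable file early.
if [[ -r ./setup.sh ]]; then
  echo "Setting up AWS environment for this account"
  . ./setup.sh
else
  print_help >&2
  exit 1
fi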
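#######################################
# Abort with a setup.sh hint when a required exported variable is unset or empty.
# Arguments: $1 - variable name
#            $2 - description of the missing value, used as the start of the error message
#            $3 - example value shown in the suggested export line
# Outputs:   error message on stderr
# Returns:   exits 1 when the variable is empty, otherwise returns 0
#######################################
require_env_var() {
  local name=$1 description=$2 example=$3
  # ${!name} reads the variable whose name is held in $name.
  if [[ -z ${!name} ]]; then
    printf '%s. Set the variable %s in setup.sh and export it\n' "$description" "$name" >&2
    printf 'export %s=%s\n' "$name" "$example" >&2
    exit 1
  fi
}
echo "Checking for necessary environment"
# EC2_CERT / EC2_PRIVATE_KEY are not checked here; the ec2-* tools report their absence themselves (presumably).
require_env_var EC2_GROUP_NAME "No EC2 Group specified" "<EC2 security group name to which the machine belongs>"
require_env_var EC2_SSH_KEY_FILENAME "No ssh file specified" "<path-to-ssh-private-key-file>"
require_env_var EC2_MACHINE_USERNAME "Username for ssh login not specified" "<username-for-ssh-login>"
require_env_var EC2_MACHINE_HOSTNAME "Target machine hostname not specified" "<target-machine-hostname>"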
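echo "Reading public ip address of the client"
# The lookup service does not want to be hit more than once in 300 seconds, so a cached
# answer younger than that is reused.
cache_max_age=300
if [[ -e $public_ip_file ]]; then
  current_time=$(date +%s)
  # GNU stat; a failed stat counts as "very old" so the address is simply fetched again.
  last_modified_time=$(stat --format=%Y "$public_ip_file") || last_modified_time=0
  update_duration=$(( current_time - last_modified_time ))
  if (( update_duration > cache_max_age )); then
    fetch_public_ip
  else
    echo "Locally cached public ip address is less than 300 seconds old. If you want to force a refresh delete the file $public_ip_file"
  fi
else
  fetch_public_ip
fi
public_ip_address=$(< "$public_ip_file")
# The cache lives at a predictable, shared path and may also be empty after a failed fetch, so its
# content is not trusted: insist on a single dotted-quad before it becomes a security-group rule.
ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
if [[ ! $public_ip_address =~ $ipv4_re ]]; then
  printf '\nERROR : "%s" read from %s does not look like an IPv4 address. Quitting\n' "$public_ip_address" "$public_ip_file" >&2
  exit 1
fi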
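# Never open port 22 with an empty source: "-s /32" is not the rule the user intended.
if [[ -z $public_ip_address ]]; then
  printf '\nERROR : No public ip address available, refusing to open port 22 (ssh). Quitting\n' >&2
  exit 1
fi
echo "Authorizing current client for ssh access on port 22"
if ! ec2-authorize "$EC2_GROUP_NAME" -P tcp -p 22 -s "${public_ip_address}/32"; then
  printf '\nWARNING : There was a problem authorizing the client for port 22 (ssh) access\n' >&2
fi
echo "Adding the RSA private key to ssh-agent"
if ! ssh-add "$EC2_SSH_KEY_FILENAME"; then
  printf '\nERROR : There was a problem adding the private key file to ssh-agent. Quitting\n' >&2
  try_clean_up
  # Exit non-zero regardless of how the clean up went; "exit $?" used to report clean_up's status
  # and so could hide this failure from the caller.
  exit 1
fi
echo "Logging in to the remote machine via ssh"
ssh "${EC2_MACHINE_USERNAME}@${EC2_MACHINE_HOSTNAME}"
ssh_status=$?
echo "Back from ssh session"
try_clean_up
# Report the ssh session's outcome rather than the clean up's.
exit "$ssh_status"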