Skip to content

Instantly share code, notes, and snippets.

@relaxdiego
Last active December 2, 2020 06:27
Show Gist options
  • Save relaxdiego/d35dccb74bd4703e582b16454141ef5e to your computer and use it in GitHub Desktop.
Save relaxdiego/d35dccb74bd4703e582b16454141ef5e to your computer and use it in GitHub Desktop.
If you can't be bothered to implement cert-based SSH...
#!/usr/bin/env bash
ip_address=$(
aws ec2 describe-instances --instance-id $instance_id | \
jq -r ".Reservations[] | .Instances[] | select(.InstanceId==\"$instance_id\") | .PublicIpAddress"
)
if ! grep $ip_address ~/.ssh/known_hosts >/dev/null; then
# Print the SSH fingerprints for jumpbox
echo "Valid server key fingerprints:"
aws ec2 get-console-output --instance-id $instance_id | \
jq -r '.Output' | \
awk '/-----BEGIN SSH HOST KEY FINGERPRINTS-----/{flag=1; next} /-----END SSH HOST KEY FINGERPRINTS-----/{flag=0} flag' | \
awk '{print $6}'
echo -e "\nUse one of the above lines to verify the remote's identity\n"
fi
ssh ubuntu@$ip_address
@relaxdiego
Copy link
Author

relaxdiego commented Dec 2, 2020

Sample output:

$ instance_id=i-060c1d1da13ca ./secure-ssh-to-aws-instansce.sh
Valid server key fingerprints:
SHA256:8Krqwcoto2ewAFgLQD8zjBfRhm7DCDoM1gXQbpQjLrc
SHA256:oCQtxhE1AqwLPMfkE6wfPB183N/0Jj1PpDElDprGpHI
SHA256:L3fiT/WEWRc0DarJlOA6N+mZN9/WK9dSgb8ff6Jid94
SHA256:lCFA8B3r55z/QUPCpXPBJIzA+VYV7rDi+OFHAJjaI9Q

Use one of the above lines to verify the remote's identity

The authenticity of host '175.41.161.140 (175.41.161.140)' can't be established.
ECDSA key fingerprint is SHA256:oCQtxhE1AqwLPMfkE6wfPB183N/0Jj1PpDElDprGpHI.
Are you sure you want to continue connecting (yes/no/[fingerprint])? SHA256:oCQtxhE1AqwLPMfkE6wfPB183N/0Jj1PpDElDprGpHI
Warning: Permanently added '175.41.161.140' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 20.04.1 LTS (GNU/Linux 5.4.0-1029-aws x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment