SSH’ing into instances

It’s useful to be able to ssh into instances that you bring up in your stack.

Note

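bespin uses RadSSH, which honours ssh_config(5) (i.e. ~/.ssh/config). For dynamic/cloud instances, users may want to set StrictHostKeyChecking no to ignore host keys and/or UserKnownHostsFile /dev/null to prevent host key additions. Both options weaken host key verification, so they are best placed in a Host block that matches only those instances rather than set for every host.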
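A check for the ssh_config options named in the note above, added here as an example (it is not bespin or RadSSH code): it lists every place where host key checking is switched off and marks whether that applies to all hosts or only to a scoped Host pattern. The sample config is constructed, the function names audit_ssh_config and is_weak are hypothetical, and the parser assumes one keyword and value per line.

```python
import re

# Constructed sample ~/.ssh/config; host names reuse this page's examples.
SAMPLE_CONFIG = """\
Host bastion.my_company.com
    StrictHostKeyChecking yes

Host 10.35.*
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null

Host *
    StrictHostKeyChecking=no
"""


def is_weak(key, value):
    """True when the option turns off host key verification or persistence."""
    if key == "stricthostkeychecking":
        return value.lower() in ("no", "off")
    if key == "userknownhostsfile":
        files = value.split()
        return bool(files) and all(f == "/dev/null" for f in files)
    return False


def audit_ssh_config(text):
    """Return (scope, option, value, broad) for every weakening option found."""
    findings = []
    scope, broad = "(global)", True  # options before any Host line apply to all hosts
    for raw in text.splitlines():
        # Keyword and value are separated by whitespace or '='.
        parts = re.split(r"[\s=]+", raw.strip(), maxsplit=1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue  # blank line, comment, or keyword without a value
        key, value = parts[0].lower(), parts[1].strip().strip('"')
        if key == "host":
            scope, broad = value, "*" in value.split()
        elif key == "match":
            scope, broad = "Match " + value, value.lower() == "all"
        elif is_weak(key, value):
            findings.append((scope, parts[0], value, broad))
    return findings


if __name__ == "__main__":
    for scope, option, value, broad in audit_ssh_config(SAMPLE_CONFIG):
        print("BROAD " if broad else "scoped", f"[{scope}]", option, value)
```

On the sample, the 10.35.* block is reported as scoped and the Host * block as broad; the bastion entry keeps strict checking and is not reported.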

Bespin provides the instances command for finding the instances, getting the ssh key, and ssh’ing into one of the instances.

This command also handles going via a jumphost/bastion instance.

---

environments:
  dev:
    account_id: "123456789"

stacks:
  app:
    stack_name: my_application

    ssh:
      bastion_host: bastion.my_company.com
      bastion_user: ec2-user
      bastion_key_path: "{config_root}/{environment}/bastion_ssh_key.pem"

      user: ec2-user
      auto_scaling_group_name: AppServerAutoScalingGroup
      instance_key_path: "{config_root}/{environment}/ssh_key.pem"

With this configuration, bespin instances dev app will look for all the instances in the AppServerAutoScalingGroup defined by the my_application cloudformation stack and list the ips:

$ bespin instances dev app
Found 1 instances
====================
i-d848ca04      10.35.3.151     running Up 9990 seconds

Then you can run bespin instances dev app 10.35.3.151, which with this configuration will ssh through ec2-user@bastion.my_company.com into ec2-user@10.35.3.151.

If the bastion options are not specified, then no bastion is used.

Fetching ssh keys from Rattic

Bespin offers the ability to fetch ssh keys stored in Rattic:

---

environments:
  dev:
    account_id: "123456789"

stacks:
  app:
    stack_name: my_application

    ssh:
      bastion_host: bastion.my_company.com
      bastion_user: ec2-user
      bastion_key_path: "{config_root}/{environment}/bastion_ssh_key.pem"
      bastion_key_location: "2200"

      user: ec2-user
      auto_scaling_group_name: Appserverautoscalinggroup
      instance_key_location: "2201"

      storage_type: rattic
      storage_host: rattic.my_company.com
      instance_key_path: "{config_root}/{environment}/ssh_key.pem"

With this configuration, if bespin can’t find the ssh key specified by bastion_key_path and instance_key_path then it will get the ssh keys from rattic.my_company.com using the key ids specified by bastion_key_location and instance_key_location.

Note that the ssh keys must be uploaded to rattic as ssh keys, not as attachments.

Note

The instance_key_path and bastion_key_path in these two examples are the same as the defaults, so leaving them out would have the same effect.

Specifying hosts

The hosts can be found either by specifying auto_scaling_group_name, which will look for all the instances attached to that scaling group, or by specifying instance, which will look for that instance as specified in the cloudformation stack.

For example, if my stack.json has this in it:

{ "Resources":
  { "MyInstance":
    { "Type": "AWS::EC2::Instance"
    , "Properties": [..]
    }
  }
}

Then I can specify it by having:

ssh:
  user: ec2-user
  instance: MyInstance

When you do this you may also specify an address that is displayed instead of an ip address:

ssh:
  user: ec2-user
  instance: BastionHost
  address: bastion.{environment}.my-company.com

So you’d get something like:

$ bespin instances dev app
Found 1 instances
====================
i-d848ca04      bastion.dev.my-company.com     running Up 9001 seconds

$ bespin instances prod app
Found 1 instances
====================
i-f849ca94      bastion.prod.my-company.com     running Up 9001 seconds