
Show HN: Ssh2, simplifying EC2 ssh'ing - soheil
https://github.com/soheil/ssh2
======
justinsaccount
Nice idea, but needs a bit of refactoring:

hardcoded paths like '/tmp/.ssh2_list' should not be used. This is insecure
and wouldn't work on (most) multi user systems. Something like
os.path.expanduser("~/.cache/ssh2_list") should be used instead.

    f = open(cache_file_list, 'w')
    f.write(output)
    f.close()

can be written as

    with open(cache_file_list, 'w') as f:
        f.write(output)

This:

    i = 0
    for instance in all_instances:
        i += 1
        #..
        print '%-4s%-55s%-30s' % ('[' + str(i) + ']',
            instance['PublicDnsName'], name)

Simplifies to:

    for i, instance in enumerate(all_instances, 1):
        choice = '[%d]' % i
        name = extract_name(instance)  # function instead of copy/paste
        print '%-4s %-55s %-30s' % (choice, instance['PublicDnsName'], name)

Also, it would kind of make more sense to support matching on the name of the
instance rather than requiring a number. In your case, 'ssh2 cron' makes a bit
more sense than 'ssh2 0'.

~~~
voltagex_
Might be better to open an issue.

[https://github.com/soheil/ssh2/issues](https://github.com/soheil/ssh2/issues)

I'd do it, but I have to run.

~~~
soheil
Just made those changes, will update the tmp path.

~~~
jessedhillon
Since this is Python, you can use the built-in tempfile module to securely
create/delete temporary files.

[https://docs.python.org/2/library/tempfile.html](https://docs.python.org/2/library/tempfile.html)

Additionally, a feature where the command line argument is applied as a
wildcard search against the list of hosts would be nice, with the default
behavior being to ssh into the first match when there's only one matching
host.

------
asveikau
Nobody does a quick Google search for name clashes these days? "ssh2" is the
name of the protocol, to distinguish from SSH protocol 1.0.

------
rascul
The name is confusing.

[https://en.wikipedia.org/wiki/Secure_Shell#Version_2.x](https://en.wikipedia.org/wiki/Secure_Shell#Version_2.x)

~~~
voltagex_
Agreed, ECSSH2 is either a convoluted replacement or a nice play on both
technologies depending on how you look at it... although that could be
confused with ECDSA - naming things is hard!

~~~
drdaeman
ec2ssh? ec2sh? ec2s?

------
wyldfire
soheil, you should note that blurring digits is often an ineffective way of
preserving privacy.

In this case it looks as if the blurred data is only IP addresses, so unlikely
to cause any real damage on its own. But API keys, passphrases, private keys,
and the like -- don't use gaussian blur. Crop them out or overwrite them
entirely with an opaque color.

Also, don't put anything important in /tmp. As a practical matter it won't
matter much if no one else has access to this machine. But it's a good habit
to get into.

~~~
soheil
Good point, I was thinking about it but decided blur looked better. For more
important things I will start using an opaque color.

Thanks for the /tmp tip.

~~~
lobster_johnson
Also, don't assume /tmp is the right directory. Always read the $TMP
environment variable.

~~~
LukeShu
Read $TMPDIR. If you are feeling generous, then check $TMP if $TMPDIR isn't
set.

On that note, you may also be interested in $XDG_RUNTIME_DIR (complex-ish
semantics) or $XDG_CACHE_HOME (Default: ~/.cache/)

------
grhmc
A related tool I wrote, ish:
[https://github.com/grahamc/ish](https://github.com/grahamc/ish), lets
you log in to a machine by name, tag, instance ID, AMI, etc.

~~~
jessedhillon
This should be higher, it's a much nicer effort.

------
rhapsodyv
Very useful. I'm currently using ~/.ssh/config. I gave nicknames to the
servers and all parameters are in the config:

    Host my-foo
    HostName 54.xx.xx.xx
    User my_user
    IdentityFile ~/.ssh/server_key.pem

So, just: ssh my-foo

~~~
jon-wood
We're using a wrapper around SSH which generates an ssh_config file listing
our current EC2 instances, including aliases for instance id, role, and name
tags. It does slow down starting SSH if you don't have the list of instances
cached, but otherwise is pretty nice.
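
The generator jon-wood describes, together with the name/wildcard matching that justinsaccount and jessedhillon asked for, as an added example (not ssh2's code, not jon-wood's wrapper). It runs on a constructed describe-instances-style list rather than calling AWS; the instance IDs, DNS names and tag keys are made up, and the default `User` and `IdentityFile` values are assumptions for the rendered config:

```python
import collections
import fnmatch

# Constructed sample in the shape of describe-instances output. IDs and DNS
# names are made up (203.0.113.0/24 is a documentation range); the "role"
# tag key is an assumed convention.
SAMPLE_INSTANCES = [
    {"InstanceId": "i-0a1b2c3d", "PublicDnsName": "ec2-203-0-113-10.compute-1.amazonaws.com",
     "Tags": [{"Key": "Name", "Value": "cron"}, {"Key": "role", "Value": "batch"}]},
    {"InstanceId": "i-0e4f5a6b", "PublicDnsName": "ec2-203-0-113-11.compute-1.amazonaws.com",
     "Tags": [{"Key": "Name", "Value": "web-1"}, {"Key": "role", "Value": "web"}]},
    {"InstanceId": "i-0c7d8e9f", "PublicDnsName": "ec2-203-0-113-12.compute-1.amazonaws.com",
     "Tags": [{"Key": "Name", "Value": "web-2"}, {"Key": "role", "Value": "web"}]},
    # A stopped instance has no public DNS name and must be skipped.
    {"InstanceId": "i-0fffffff", "PublicDnsName": "", "Tags": []},
]


def tag(instance, key):
    """Value of the tag `key`, or None if the instance does not carry it."""
    for t in instance.get("Tags", []):
        if t["Key"] == key:
            return t["Value"]
    return None


def host_aliases(instances):
    """[(aliases, public_dns)] for every reachable instance.

    Aliases are the instance ID, the Name tag, and the role tag when exactly
    one instance holds that role (a shared role would be ambiguous as a Host).
    """
    role_counts = collections.Counter(
        tag(i, "role") for i in instances if tag(i, "role"))
    result = []
    for inst in instances:
        if not inst.get("PublicDnsName"):
            continue
        names = [inst["InstanceId"]]
        name = tag(inst, "Name")
        if name:
            names.append(name)
        role = tag(inst, "role")
        if role and role_counts[role] == 1:
            names.append(role)
        result.append((names, inst["PublicDnsName"]))
    return result


def render_ssh_config(instances, user="ec2-user", identity="~/.ssh/server_key.pem"):
    """Render an ssh_config fragment with one Host block per instance."""
    lines = ["# generated from the EC2 inventory; do not edit by hand"]
    for names, dns in host_aliases(instances):
        lines.append("Host %s" % " ".join(names))
        lines.append("    HostName %s" % dns)
        lines.append("    User %s" % user)
        lines.append("    IdentityFile %s" % identity)
        lines.append("")
    return "\n".join(lines)


def resolve(instances, pattern):
    """Wildcard lookup: exactly one match -> (public_dns, []).

    Otherwise -> (None, candidate alias lists) so the caller can show a menu
    instead of guessing which host the user meant.
    """
    matches = [(names, dns) for names, dns in host_aliases(instances)
               if any(fnmatch.fnmatchcase(n, pattern) for n in names)]
    if len(matches) == 1:
        return matches[0][1], []
    return None, [names for names, _ in matches]


if __name__ == "__main__":
    print(render_ssh_config(SAMPLE_INSTANCES))
    print(resolve(SAMPLE_INSTANCES, "cron"))   # unique -> DNS name
    print(resolve(SAMPLE_INSTANCES, "web-*"))  # ambiguous -> candidates
```

Writing the rendered text to a separate file and pulling it in with `Include` from `~/.ssh/config` keeps the generated blocks apart from hand-maintained entries, and regenerating it from a cached instance list avoids the API round trip on every login that jon-wood mentions.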

~~~
rhapsodyv
Do you mind sharing your script? It seems very useful.

~~~
jon-wood
At the moment it's a horrible hack which is so specific to our environment I'm
not sure I want to share it, but I might make something more generic and share
that.

------
jamiesonbecker
Nice work!

Consider something like mkstemp() or mkdtemp() instead (really, it should be
marked 'insecure' until updated.)

[https://docs.python.org/2/library/tempfile.html#tempfile.mkd...](https://docs.python.org/2/library/tempfile.html#tempfile.mkdtemp)

It's a great idea and might work well w jumpbox config @ Userify ... I'll send
over a pull request if I get a chance this week!
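
Pulling together the path and temp-file points raised above (justinsaccount's objection to a fixed '/tmp/.ssh2_list', jessedhillon's and jamiesonbecker's tempfile/mkstemp suggestions, wyldfire's "nothing important in /tmp", and LukeShu's $TMPDIR / $XDG_CACHE_HOME ordering), here is an added Python 3 example of how the cache file could be placed and written. It is not ssh2's code; the `ssh2` subdirectory name and the `instances` file name are assumptions:

```python
import os
import tempfile

APP = "ssh2"  # assumed name of the per-user cache subdirectory


def cache_dir(env=None):
    """Per-user cache directory: $XDG_CACHE_HOME/ssh2, else ~/.cache/ssh2.

    A path under the user's own home is never shared with other local users,
    so nobody else can pre-create or replace the file the tool later reads.
    `env` defaults to os.environ; it is a parameter so the lookup is testable.
    """
    env = os.environ if env is None else env
    base = env.get("XDG_CACHE_HOME")
    if not base:
        home = env.get("HOME") or os.path.expanduser("~")
        base = os.path.join(home, ".cache")
    return os.path.join(base, APP)


def temp_dir(env=None):
    """Scratch directory: $TMPDIR first, then $TMP, then the platform default."""
    env = os.environ if env is None else env
    return env.get("TMPDIR") or env.get("TMP") or tempfile.gettempdir()


def write_cache(path, data):
    """Write `data` to `path` atomically with mode 0600.

    mkstemp() creates an unpredictably named, owner-only file in the
    destination directory (same filesystem, so the rename is atomic), and
    os.replace() swaps it in, so a concurrent reader never sees a half-written
    list. On any failure the temp file is removed and the old cache survives.
    """
    parent = os.path.dirname(path)
    os.makedirs(parent, mode=0o700, exist_ok=True)
    fd, tmp = tempfile.mkstemp(dir=parent, prefix=".%s-" % os.path.basename(path))
    try:
        with os.fdopen(fd, "w") as f:
            f.write(data)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
    return path


def read_cache(path):
    """Return the cached text, or None when no cache has been written yet."""
    try:
        with open(path) as f:
            return f.read()
    except FileNotFoundError:
        return None


if __name__ == "__main__":
    target = os.path.join(cache_dir(), "instances")
    # Constructed sample line; a real run would store the describe-instances output.
    write_cache(target, "[1] ec2-203-0-113-10.compute-1.amazonaws.com cron\n")
    print("wrote %s with mode %o" % (target, os.stat(target).st_mode & 0o777))
```

The cache goes under `cache_dir()` rather than `temp_dir()` because it is meant to outlive one invocation; `temp_dir()` is the right base only for data that can vanish between runs.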

~~~
soheil
Looking forward to it.

------
rusbus
Another way to do the same thing by registering the hosts in your SSH config
file:

[https://gist.github.com/4704110](https://gist.github.com/4704110)

------
deathanatos
I'm curious: why would I use this over just assigning DNS names to the
instances?

~~~
voltagex_
DNS names where? How long does it take for the updates to get to whatever
resolver you're using?

~~~
deathanatos
If the instance name is new, instantly. (As long as nobody queries it prior to
the record getting created, of course.) Otherwise, the TTL. We use either 1 or
5 min TTLs where we expect changes for exactly this reason, and in practice,
it isn't a problem.

------
vacri
If your servers are 'permanent', then give them a short hostname and put them
in your .ssh/config and DNS (or hosts file). 'ssh cron' or 'ssh archive' and
connecting directly is quicker than going through a dialogue, or using an
index number and having to remember which is which (or worrying about the
index number changing when you refresh).

This tool would be good for temporary or autoscaling instances, though.

~~~
soheil
I made it primarily for my temp servers. It's also useful if you keep
restarting a box, as the DNS name changes on reboot. As someone else also
mentioned, I think a nice addition would be to allow the name to be passed
instead of just the index. The thing with temp servers is that I don't
usually bother to name them, hence again, this tool.

~~~
vacri
If you have instances in a VPC, they will keep their IP addresses until you
destroy them. Turn them off for a week, then back on, and they bounce back
with the same IP as before.

EC2 classic servers will also keep their IP addresses (and hence aws-assigned
hostnames) through a _reboot_ (in which the VM itself doesn't actually get
torn down), but not through a stop/start cycle.

Edit: If your tool works for you, go for it. I don't mean to sound
discouraging.

~~~
soheil
Thanks for clarifying the reboot sequence. I do, however, stop/start instances
on a regular basis to save cost. Also good to know VPC behaves differently in
that respect.

I'm working on adding VPC support.

------
dwb
This is my take on this: uses a tagging convention on your EC2 instances. Can
also run commands in parallel over a set of instances.

[https://github.com/madebymany/moltar](https://github.com/madebymany/moltar)

[http://madebymany.com/blog/a-little-tooling-goes-a-long-way](http://madebymany.com/blog/a-little-tooling-goes-a-long-way)

------
josefdlange
Pack this up and get it on PyPI! Nice simple little script but quite
inconvenient to get onto a system, especially if one prefers using package
managers.

------
soccerdave
This is one of the first scripts that I made myself after migrating to ec2. I
initially programmed it in ruby, but just recently re-wrote it in Go. I don't
cache the hosts and it usually takes around 0.5 - 0.7 seconds. My ruby
implementation was much slower due to the libraries I was using needing to be
loaded in each time it ran as opposed to the Go compiling ahead of time.

------
reacweb
I have all my servers listed in my .ssh/config file with nice short names.
With a simple alias on the command "grep -A1 '^H' .ssh/config | grep -v
'\--'", I can display the full list (Amazon, but also Scaleway, cloudscale, my
home box, ...).

------
setheron
What stores the SSH private keys? I hate having to manage my private keys
across work machines.

------
wahnfrieden
Filters and tab-completion would be nice when you have hundreds of EC2
instances.

I've also seen tab completion on `ssh` which matches EC2 IDs & "Name" tags,
but can't find the project right now.

------
haosdent
I think you would also like to use
[https://github.com/haosdent/s](https://github.com/haosdent/s) to simplify ssh
login.

------
krat0sprakhar
Quick question regarding best practices - do you prefer connecting to an ec2
instance using the `.pem` file or do you transfer your ssh keys the first time
you connect?

Thanks,

~~~
aidos
I personally do the latter but it's obviously an extra step in the
provisioning process.

------
viraptor
Off-topic: on the screenshot, "180 updates are security updates" on an apparently
live service makes me sad...

~~~
soheil
This is a freshly spawned test machine ;)

