From e09f9c7d1970a82cb16dbada60c4e52dc39c5d70 Mon Sep 17 00:00:00 2001
From: psihachina
Date: Mon, 17 Oct 2022 10:04:35 +0300
Subject: [PATCH 1/2] added `use-e2-metadata` flag

---
 internal/commands/tunnel_up.go | 37 +++++++++++++++++++++++++++++++---
 1 file changed, 34 insertions(+), 3 deletions(-)

diff --git a/internal/commands/tunnel_up.go b/internal/commands/tunnel_up.go
index 57f9e2c6..aec26aa1 100644
--- a/internal/commands/tunnel_up.go
+++ b/internal/commands/tunnel_up.go
@@ -46,6 +46,7 @@ type TunnelUpOptions struct {
 BastionHostID string
 ForwardHost []string
 StrictHostKeyChecking bool
+ Metadata bool
 }

 func NewTunnelUpFlags(project *config.Project) *TunnelUpOptions {
@@ -87,6 +88,7 @@ func NewCmdTunnelUp(project *config.Project) *cobra.Command {
 cmd.Flags().StringVar(&o.PublicKeyFile, "ssh-public-key", "", "set ssh key public path")
 cmd.Flags().StringVar(&o.PrivateKeyFile, "ssh-private-key", "", "set ssh key private path")
 cmd.PersistentFlags().BoolVar(&o.StrictHostKeyChecking, "strict-host-key-checking", true, "set strict host key checking")
+ cmd.PersistentFlags().BoolVar(&o.Metadata, "use-ec2-metadata", false, "send ssh key to ec2 metadata (work only ubuntu version above 20)")

 return cmd
 }
@@ -174,9 +176,16 @@ func (o *TunnelUpOptions) Run() error {
 return fmt.Errorf("can't get public key: %s", err)
 }

- err = sendSSHPublicKey(o.BastionHostID, pk, o.Config.Session)
- if err != nil {
- return fmt.Errorf("can't run tunnel: %s", err)
+ if o.Metadata {
+ err = sendSSHPublicKey(o.BastionHostID, pk, o.Config.Session)
+ if err != nil {
+ return fmt.Errorf("can't run tunnel: %s", err)
+ }
+ } else {
+ err = sendSSHPublicKeyLegacy(o.BastionHostID, pk, o.Config.Session)
+ if err != nil {
+ return fmt.Errorf("can't run tunnel: %s", err)
+ }
 }

 forwardConfig, err := o.upTunnel()
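Review bot: Registering `--use-ec2-metadata` with a default of `false` in `NewCmdTunnelUp` silently changes what a plain `tunnel up` does: before this patch `sendSSHPublicKey` was always called, now the default is `sendSSHPublicKeyLegacy`. From the lines visible here, the legacy path appends the key to `/home/ubuntu/.ssh/authorized_keys` over SSM and nothing in the patch removes it again, so the new default leaves a standing key on the bastion. If that is intended, the help text should say what happens when the flag is off, e.g. `"send ssh key to EC2 metadata instead of appending it to authorized_keys via SSM (Ubuntu > 20 only)"`; if not, the default should be `true` so existing users keep the previous behaviour.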
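Review bot: The two branches added to `Run` differ only in the function they call and repeat the same error check, so a later change to one branch can easily miss the other. Choosing the sender first and checking the error once keeps a single path, as in the excerpt below. Wrapping with `%w` instead of `%s` also keeps the underlying AWS error inspectable, which is what `sendSSHPublicKeyLegacy` already does. `Run` starts and ends outside this hunk.

```go
// … unchanged: public key lookup and its error check …
send := sendSSHPublicKeyLegacy
if o.Metadata {
	send = sendSSHPublicKey
}
if err := send(o.BastionHostID, pk, o.Config.Session); err != nil {
	return fmt.Errorf("can't run tunnel: %w", err)
}
// … unchanged: o.upTunnel() call …
```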
@@ -297,6 +306,28 @@ func sendSSHPublicKey(bastionID string, key string, sess *session.Session) error
 return nil
 }

+func sendSSHPublicKeyLegacy(bastionID string, key string, sess *session.Session) error {
+ // This command is executed in the bastion host and it checks if our public key is present. If it's not it uploads it to _authorized_keys file.
+ command := fmt.Sprintf(
+ `grep -qR "%s" /home/ubuntu/.ssh/authorized_keys || echo "%s" >> /home/ubuntu/.ssh/authorized_keys`,
+ key, key,
+ )
+
+ _, err := ssm.New(sess).SendCommand(&ssm.SendCommandInput{
+ InstanceIds: []*string{&bastionID},
+ DocumentName: aws.String("AWS-RunShellScript"),
+ Comment: aws.String("Add an SSH public key to authorized_keys"),
+ Parameters: map[string][]*string{
+ "commands": {&command},
+ },
+ })
+ if err != nil {
+ return fmt.Errorf("can't send SSH public key: %w", err)
+ }
+
+ return nil
+}
+
 func getPublicKey(path string) (string, error) {
 if !filepath.IsAbs(path) {
 var err error

From 1a72763c4c4bfcaa7dd32bd6e6877fddb7f71928 Mon Sep 17 00:00:00 2001
From: Nikita Podshivalov <47272597+psihachina@users.noreply.github.com>
Date: Mon, 17 Oct 2022 17:47:24 +0300
Subject: [PATCH 2/2] updated flag description

Co-authored-by: Igor Kotov
---
 internal/commands/tunnel_up.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/internal/commands/tunnel_up.go b/internal/commands/tunnel_up.go
index aec26aa1..e32eedfb 100644
--- a/internal/commands/tunnel_up.go
+++ b/internal/commands/tunnel_up.go
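Review bot: In `sendSSHPublicKeyLegacy` the contents of the key file are spliced into a double-quoted shell string that `AWS-RunShellScript` runs on the bastion, so a quote, backtick or `$` anywhere in `key` (the comment field of a public key is free text) is interpreted by the remote shell rather than treated as data. The same text is passed to `grep -qR` as a regular expression, so the presence check can match an unrelated line and skip the append, and `-R` is unnecessary for a single file. The key should be validated, single-quoted and matched literally as a whole line, as in the excerpt below (it uses `strings`, which may need importing). Separately, the `SendCommand` output is discarded, so the function returns once the command is queued rather than once it has run; the caller should confirm the key is in place before opening the tunnel, or poll the invocation status.

```go
func sendSSHPublicKeyLegacy(bastionID string, key string, sess *session.Session) error {
	key = strings.TrimSpace(key)
	// The key ends up inside a single-quoted shell word; refuse anything that
	// could close the quote or add a second authorized_keys line.
	if key == "" || strings.ContainsAny(key, "'\r\n") {
		return fmt.Errorf("can't send SSH public key: key contains unsupported characters")
	}

	// -F matches the key literally and -x only as a whole line; printf avoids
	// echo's backslash handling.
	command := fmt.Sprintf(
		`grep -qxF -- '%s' /home/ubuntu/.ssh/authorized_keys || printf '%%s\n' '%s' >> /home/ubuntu/.ssh/authorized_keys`,
		key, key,
	)

	// … unchanged: ssm SendCommand call and error wrapping …
```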
@@ -88,7 +88,7 @@ func NewCmdTunnelUp(project *config.Project) *cobra.Command {
 cmd.Flags().StringVar(&o.PublicKeyFile, "ssh-public-key", "", "set ssh key public path")
 cmd.Flags().StringVar(&o.PrivateKeyFile, "ssh-private-key", "", "set ssh key private path")
 cmd.PersistentFlags().BoolVar(&o.StrictHostKeyChecking, "strict-host-key-checking", true, "set strict host key checking")
- cmd.PersistentFlags().BoolVar(&o.Metadata, "use-ec2-metadata", false, "send ssh key to ec2 metadata (work only ubuntu version above 20)")
+ cmd.PersistentFlags().BoolVar(&o.Metadata, "use-ec2-metadata", false, "send ssh key to EC2 metadata (work only for Ubuntu versions > 20.0)")

 return cmd
 }