[cs615asa] HW4 SSH Questions

Jan Schaumann jschauma at stevens.edu
Thu Feb 28 08:56:56 EST 2013


kbodzak <kbodzak at stevens.edu> wrote:
> I have some questions about making an SSH connection from our program to 
> an EC2 Instance:

Good questions.  I have updated the manual page at
http://www.cs.stevens.edu/~jschauma/615/ec2-backup.txt with additional
information that hopefully answers your questions:

Environment

     ec2-backup assumes that the user has set up their environment for
     general use with the EC2 tools.  That is, it will not set or modify
     the variables AWS_CONFIG_FILE, EC2_CERT, EC2_HOME or EC2_PRIVATE_KEY.
     ec2-backup allows the user to add custom flags to the EC2 related
     commands it invokes via the EC2_BACKUP_FLAGS_AWS environment variable.

     ec2-backup also assumes that the user has set up their
     ~/.ssh/config file to access instances in EC2 via ssh(1) without any
     additional settings.  It does allow the user to add custom flags to the
     ssh(1) commands it invokes via the EC2_BACKUP_FLAGS_SSH environment
     variable.

[...]

     Suppose a user has their ~/.ssh/config set up to use the private
     key ~/.ec2/stevens but wishes to use the key ~/.ssh/ec2-key instead:

           export EC2_BACKUP_FLAGS_SSH="-i ~/.ssh/ec2-key"
           ec2-backup -d .

     To force creation of an instance type of t1.micro instead of
     whatever defaults might apply:

           export EC2_BACKUP_FLAGS_AWS="--instance-type t1.micro"
           ec2-backup -d .


> How should we go about managing the correct use of SSH-keys for logging  
> into an instance?

Assume the user has their ~/.ssh/config set up so that running "ssh
<any-amazon-instance-name>" will work.

> In the case that the user specified a specific image for us:
>
> Should we assume that they have set up their ~/.ssh/config file correctly
> to automatically use the correct key with ec2?

Yes.

> Should we assume that the 'key' linked with the instance exists in  
> ~/.ssh/?

Yes.

> If we are supposed to create an image automatically:
>
> Should we assume a 'default' key already exists? (and specify this in  
> the README)

You should assume that the user has everything set up so that running

aws ec2 run-instances --min-count 1 --max-count 1 --image-id <some-AMI>

will yield an ec2 instance that the user can then log in on using

ssh <hostname>


If the user wishes to pass additional flags to either aws(1) or ssh(1),
she can set the EC2_BACKUP_FLAGS_SSH and EC2_BACKUP_FLAGS_AWS
environment variables as shown in the examples above.

> Should we create a new key-pair and use that explicitly for ec2-backup?

No.


It's possible that using this approach may not be sufficient for all use
cases, as I'm just making this up as we go along, so if you run into
cases where you think something else is required from the user, please
send a mail to this list.

-Jan
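
Added example, not part of the original message or of the ec2-backup manual page: one way a shell implementation could apply EC2_BACKUP_FLAGS_SSH and EC2_BACKUP_FLAGS_AWS by whitespace-splitting them without eval, so that shell metacharacters in the variables stay literal arguments. The function names run_ssh and run_instance are hypothetical.

```shell
#!/bin/sh
# Added illustration; run_ssh and run_instance are hypothetical helper names.
# Both rely on the user's existing ~/.ssh/config and EC2 tool setup and only
# add the optional EC2_BACKUP_FLAGS_* words to the command line.

# run_ssh HOST [COMMAND...]
# Splits EC2_BACKUP_FLAGS_SSH on whitespace with globbing off and without
# eval, so ';', '$(...)' or '*' inside the variable are never interpreted by
# the local shell. A leading '~' is likewise passed through unexpanded.
# Limitation: a flag value that itself contains spaces cannot be expressed.
run_ssh() {
    (
        set -f      # no pathname expansion of the flag words
        unset IFS   # default splitting on space, tab and newline
        # shellcheck disable=SC2086  # word splitting is intentional here
        ssh ${EC2_BACKUP_FLAGS_SSH-} "$@"
    )
}

# run_instance AMI
# Starts one instance from AMI, adding any words from EC2_BACKUP_FLAGS_AWS.
run_instance() {
    (
        set -f
        unset IFS
        # shellcheck disable=SC2086  # word splitting is intentional here
        aws ec2 run-instances ${EC2_BACKUP_FLAGS_AWS-} \
            --min-count 1 --max-count 1 --image-id "$1"
    )
}
```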

