[cs615asa] Some questions.

Jan Schaumann jschauma at stevens.edu
Fri Mar 22 12:27:21 EDT 2013


hyan2 <hyan2 at stevens.edu> wrote:

> I am still confused. If I run a new instance without a key pair, how can
> I ssh to such an instance? Even though I have set up the config file
> correctly, the private key I have set up for the host may correspond
> to another public key. In this case, I will always get an error when I try
> to ssh to the host.

First example:

Suppose you have created a keypair and stored it with AWS as your
default key.  Let the name of the private ssh key on your system be
"id_rsa".

Now, if you create a new EC2 instance without specifying any particular
key pair, AWS will use your default key.  In order to be able to ssh to
this host, you would need to use the file "id_rsa".  Store the file
"id_rsa" in ~/.ssh/id_rsa, and you will not need to specify any key to
ssh(1), as ssh(1) will by default try to use the file '~/.ssh/id_rsa' if
it exists.

For your homework assignment, this would mean that the user has set
neither the EC2_BACKUP_FLAGS_AWS nor the EC2_BACKUP_FLAGS_SSH environment
variable.  Execution would be:

ec2-backup -d .


Second example:

Suppose you have created a keypair and stored it with AWS as your
default key.  Let the name of the private ssh key on your system be
"my-ec2-key".

Now, if you create a new EC2 instance without specifying any particular
key pair, AWS will use your default key.  In order to be able to ssh to
this host, you would need to use the file "my-ec2-key".  Store the file
"my-ec2-key" in ~/.ssh/my-ec2-key, then update your ~/.ssh/config file
to contain the following lines:

Host *.amazonaws.com
	IdentityFile ~/.ssh/my-ec2-key

Now when you ssh(1) to a new instance, you will not need to specify a key
file, as ssh(1) reads the file ~/.ssh/config and knows that, when
connecting to a host that ends in ".amazonaws.com", it should use the
key ~/.ssh/my-ec2-key.

For your homework assignment, this would mean that the user has set
neither the EC2_BACKUP_FLAGS_AWS nor the EC2_BACKUP_FLAGS_SSH environment
variable.  Execution would be:

ec2-backup -d .


Third example:

Suppose you have created a keypair and stored it with AWS as the keypair
named "stevens".  Let the name of the private ssh key on your system be
"ec2-stevens".

Now, if you create a new EC2 instance without specifying any particular
key pair, AWS will use your default key.  In order to use the
non-default "stevens" key, you would have to specify "--key-name
stevens".  But you cannot tell the program you're writing to use this
particular keypair directly.  Instead, you would need to set the
EC2_BACKUP_FLAGS_AWS environment variable.

In order to be able to ssh to an instance created with "--key-name
stevens", you would need to use the file "ec2-stevens", but you do not
want to use this key for _all_ EC2 instances, only this particular one.

Store the file "ec2-stevens" in ~/.ssh/ec2-stevens, then use "ssh -i
~/.ssh/ec2-stevens" to connect to the new instance.  But you cannot tell
the program you're writing to use this particular flag directly.
Instead, you would need to set the EC2_BACKUP_FLAGS_SSH environment
variable.

For your homework assignment, execution would then be:

export EC2_BACKUP_FLAGS_AWS="--key-name stevens"
export EC2_BACKUP_FLAGS_SSH="-i ~/.ssh/ec2-stevens"
ec2-backup -d .


In other words, your program does not need to know _what_ the values of
these environment variables are; all it needs to do is use them in the
right place to invoke the correct commands.

-Jan
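
The following sketch is an added example, not part of the original message
and not the course's reference solution. It shows one way to pass the two
variables through to the underlying commands by word splitting only, with no
eval and with globbing off, so the values are used as flags and never
interpreted as shell code. The names run_ssh, run_instance, show_argv,
SSH_CMD and AWS_CMD, the AMI placeholder, the host name and the use of
"aws ec2 run-instances --image-id" are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: splice EC2_BACKUP_FLAGS_SSH / EC2_BACKUP_FLAGS_AWS into the
# command lines without knowing or interpreting what they contain.

# Dry-run stand-in for the real binary: print one argument per line.
show_argv() { printf '%s\n' "$@"; }

# run_ssh HOST REMOTE_COMMAND
# The flags are field-split (unquoted expansion) inside a subshell with
# globbing disabled; "$(...)", ";" or "*" in the variable stay literal words.
run_ssh() {
    (
        set -f
        # shellcheck disable=SC2086   # splitting is intended here
        set -- ${EC2_BACKUP_FLAGS_SSH:-} "$1" "$2"
        "${SSH_CMD:-ssh}" "$@"
    )
}

# run_instance AMI_ID
# The command name and --image-id are assumptions; the page only names the
# --key-name flag that arrives via EC2_BACKUP_FLAGS_AWS.
run_instance() {
    (
        set -f
        # shellcheck disable=SC2086
        set -- ${EC2_BACKUP_FLAGS_AWS:-} --image-id "$1"
        # shellcheck disable=SC2086
        ${AWS_CMD:-aws ec2 run-instances} "$@"
    )
}

# Dry run with the values from the third example (host and AMI constructed).
EC2_BACKUP_FLAGS_AWS="--key-name stevens"
EC2_BACKUP_FLAGS_SSH="-i ~/.ssh/ec2-stevens"
AWS_CMD=show_argv SSH_CMD=show_argv
run_instance ami-EXAMPLE
run_ssh ec2-host.example.amazonaws.com 'uname -a'
```

With both variables unset, the same functions run the commands with no extra
flags, which matches the first and second examples.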