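Goal: log in to an EC2 instance using SSM and connect an SSH terminal via a proxy command.
I can successfully log in to my instance using 'aws ssm start-session --target instance-id'. However, to make life easier, I'd like to use a proxy command in my .ssh/config so that I can log in to the instance with the shorter command 'ssh i-awsguid', with the proxy command filling in the rest.
However, when I do this, the session hangs and I never see the remote machine's prompt; when I press Control-C, I see the JSON output of the AWS operation.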
$ ssh i-076efab920fd7a5e2 -v
OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /Users/user/.ssh/config
debug1: /Users/user/.ssh/config line 49: Applying options for *
debug1: /Users/user/.ssh/config line 70: Applying options for *
debug1: /Users/user/.ssh/config line 86: Applying options for i-*
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug1: Executing proxy command: exec aws ssm start-session --target i-076efab920fd7a5e2
debug1: identity file /Users/user/.ssh/id_rsa type 0
debug1: identity file /Users/user/.ssh/id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.1
debug1: kex_exchange_identification: banner line 0:
debug1: kex_exchange_identification: banner line 1: Starting session with SessionId: user@email.com-0a7ca620b0b70ba7c
debug1: kex_exchange_identification: banner line 2: This session is encrypted using AWS KMS.
debug1: kex_exchange_identification: banner line 3: echo Connected to $(hostname)
debug1: kex_exchange_identification: banner line 4: $ Connected to ip-10-147-34-181
^C
Command '['session-manager-plugin', '{"SessionId": "user@email.com-0a7ca620b0b70ba7c", "TokenValue": "scrubbed", "StreamUrl": "wss://ssmmessages.us-east-1.amazonaws.com/v1/data-channel/user@email.com-0a7ca620b0b70ba7c?role=publish_subscribe", "ResponseMetadata": {"RequestId": "cd75db36-3cc0-415f-b849-b5995e1701ec", "HTTPStatusCode": 200, "HTTPHeaders": {"server": "Server", "date": "Wed, 07 Apr 2021 17:49:22 GMT", "content-type": "application/x-amz-json-1.1", "content-length": "678", "connection": "keep-alive", "x-amzn-requestid": "cd75db36-3cc0-415f-b849-b5995e1701ec"}, "RetryAttempts": 0}}', 'us-east-1', 'StartSession', '', '{"Target": "i-076efab920fd7a5e2"}', 'https://ssm.us-east-1.amazonaws.com']' died with <Signals.SIGPIPE: 13>.
For example, invoking the same instance directly in the shell.
$ aws ssm start-session --target i-076efab920fd7a5e2
Starting session with SessionId: user@email.com-0bcfc5bf3d8325cb1
This session is encrypted using AWS KMS.
echo Connected to $(hostname)
$ Connected to ip-10-147-34-181
$ whoami
ssm-user
$ exit
Exiting session with sessionId: user@email.com-0bcfc5bf3d8325cb1.
Relevant part of .ssh/config
# SSH over Session Manager
host i-*
ProxyCommand aws ssm start-session --target %h
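
Added example, not part of the original post: the verbose log above shows ssh reading the interactive shell's text ("Starting session with SessionId: ...") as banner lines, because a plain start-session opens a shell rather than a byte stream to sshd. The configuration below instead uses the AWS-StartSSHSession document to tunnel to the instance's SSH port; it assumes sshd is running on the instance and a public key is installed for the login user (the user name shown is a placeholder).

```sshconfig
# Before (from the post): opens an interactive Session Manager shell, so ssh
# receives shell text where it expects the SSH protocol banner and stalls.
# Host i-*
#     ProxyCommand aws ssm start-session --target %h

# After: AWS-StartSSHSession forwards raw bytes to sshd on the instance.
# %h = the instance id given on the ssh command line, %p = the SSH port (22 by default).
Host i-* mi-*
    ProxyCommand sh -c "aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters 'portNumber=%p'"
    # Assumption: placeholder login user; it must exist on the instance with your public key.
    User ec2-user
```

With this setup access depends on both the IAM permission for ssm:StartSession on the AWS-StartSSHSession document and the SSH key, and the instance needs no inbound rule for port 22.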