SSH Module
Simple usage
Using positional arguments:
space -m ssh /ssh/ -- address
Or, instead use environment variables, which is often recommended, because then you do not have to consider what position an argument must come in:
space -m ssh /ssh/ -e SSHHOST=address
The above will issue a login shell onto the remote host.
Run command remotely
space -m ssh /ssh/ -e SSHHOST=address -e SSHCOMMAND="ls -l"
Using jump hosts to bypass firewalls
Often a machine is on a restricted network protected by a firewall to protect the machines from the chaos of the internet.
However, there is usually one or more machines which serves as jump hosts
or bastion hosts
.
We could use the SSH module to jump over any number of hosts to reach our destination host.
Usually keys are used as login credentials and all keys are to exist on the client issuing the request.
To use jump hosts, simply add all hosts from left to right, comma separated. The last host is the destination host:
space -m ssh /ssh/ -e SSHHOST=jump1.example.com,jump2.example.com,jump3.example.com,destination.example.com -e SSHCOMMAND="ls -l"
If you need to specify the keys manually add those too:
space -m ssh /ssh/ -e SSHHOST=jump1.example.com,jump2.example.com,jump3.example.com,destination.example.com \
-e SSHKEYFILE=key1_id,key2_id,key3_id,key4_id -e SSHCOMMAND="ls -l"
Wrapping other modules in SSH
One of the most powerful features of Space is that it can wrap
commands
inside other commands to have them run somewhere else.
For example the OS module could be wrapped in the SSH module to be run on a remote machine.
space -m os /info/
Above will output some basic info about the system.
If we want to run this on a remote machine over ssh, simply do this:
space -m os /info -m ssh /wrap/ -e SSHHOST=address
Of course, you can still use jump hosts when wrapping commands.
We’ll take the example above, now you will see why we usually want
to use -e
variables instead of positional arguments, because we can use modules together:
space -m os /info/ \
-m ssh /wrap/ -e SSHHOST=jump1.example.com,jump2.example.com,jump3.example.com,destination.example.com \
-e SSHKEYFILE=key1_id,key2_id,key3_id,key4_id
Any command in any module can get wrapped and run remotely.
No files nor scripts are uploaded to the host, they are run directly by SSH.
However, if you want to upload a file to a remote system over SSH, it’s quite easy
using the file
module.
Upload a file
echo "Hello World!" | space -m file /pipwrite/ -e file=/tmp/hello \
-m ssh /wrap/ -e SSHHOST=jump1.example.com,jump2.example.com,jump3.example.com,destination.example.com \
-e SSHKEYFILE=key1_id,key2_id,key3_id,key4_id
Let’s fetch the contents back using cat
:
space -m file /cat/ -e file=/tmp/hello \
-m ssh /wrap/ -e SSHHOST=jump1.example.com,jump2.example.com,jump3.example.com,destination.example.com \
-e SSHKEYFILE=key1_id,key2_id,key3_id,key4_id
Wait for file(s) to be created
We can use the utils
module for waiting on files we expect to be created:
space -m utils /waitforfile/ -e waitfilelist=/tmp/hello \
-m ssh /wrap/ -e SSHHOST=jump1.example.com,jump2.example.com,jump3.example.com,destination.example.com \
-e SSHKEYFILE=key1_id,key2_id,key3_id,key4_id
Using a hostfile instead of arguments
Instead of providing SSH arguments on command line or as variables one can use a .env
file from where variables are read.
If using a host file, this is an .env
file where the SSH_*
variables are read from the file instead from the cmd line.
If values are also provided on command line then those values are appended to those in the .env file so that the host.env file can be used for declaring the jump host you are using for the host you are providing on cmd line.
In the .env
file there can also be jump hosts defined, if so that will trigger a read of another host.env
file which will be used as a jump host for the host described in the first host.env
file.
A special case is when using a host.env
file and declaring port, user, keyfile, flags on command line but no host parameter, then those values are used instead of the values read from the (first) host.env
file.
Example host.env file:
HOST=1.2.3.4
USER=clownsalad
KEYFILE=.ssh/id_rsa
PORT=4562
FLAGS=-opasswordauthentication=no -ostricthostkeychecking=no -oexitonforwardfailure=no
JUMPHOST=../host2
HOST
is required.
PORT
defaults to 22.
Multiple
flags can be used and are optional
JUMPHOST
is the path to another diretory where a host.env file exists, which will be used as a jumphost.
JUMPHOST
can also point to another .env file in the same directory.
For KEYFILE
and JUMPHOST
relative paths will be set below user $HOME
.