{"id":22138230,"url":"https://github.com/z0mbix/essh","last_synced_at":"2025-07-25T22:32:02.570Z","repository":{"id":57521340,"uuid":"247826320","full_name":"z0mbix/essh","owner":"z0mbix","description":"SSH to EC2 instances using in memory, ephemeral ssh keys and EC2 instance connect","archived":false,"fork":false,"pushed_at":"2021-04-14T09:52:52.000Z","size":1358,"stargazers_count":4,"open_issues_count":1,"forks_count":5,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-06-20T15:43:12.890Z","etag":null,"topics":["aws","aws-ec2","ec2-instances","golang","ssh"],"latest_commit_sha":null,"homepage":"https://z0mbix.io/2020/04/10/essh-ephemeral-ssh-keys-for-ec2-hosts-using-ec2-instance-connect/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/z0mbix.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-03-16T22:12:39.000Z","updated_at":"2022-03-09T17:39:10.000Z","dependencies_parsed_at":"2022-09-26T18:01:18.515Z","dependency_job_id":null,"html_url":"https://github.com/z0mbix/essh","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/z0mbix%2Fessh","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/z0mbix%2Fessh/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/z0mbix%2Fessh/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/z0mbix%2Fessh/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/z0mbix","download_url":"https://codeload.github.com/z0mbix/essh/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":227621914,"owners_count":17795021,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-ec2","ec2-instances","golang","ssh"],"created_at":"2024-12-01T20:09:10.320Z","updated_at":"2024-12-01T20:09:11.045Z","avatar_url":"https://github.com/z0mbix.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# essh\n\nSSH to an EC2 instance using an in memory, ephemeral ssh key and EC2 instance connect to push the new public key to the instance\n\n\n## Description\n\n`essh` does the following:\n\n- Generates a one time RSA ssh keypair in memory\n- Adds the private key to your ssh agent define by `SSH_AUTH_SOCK` (for a configurable number of seconds)\n- Pushes the public key to the instance using [ec2-instance connect](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Connect-using-EC2-Instance-Connect.html)\n- `ssh` to the instance using the private IP address (public IP can be used with `-p`), using user `ec2-user` by default\n\n\n## Requirements\n\nAs `essh` uses AWS APIs, you will need you have valid credentials configured. If you're using this tool, then I'm presuming that you know how to do this, if not [see here](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html).\n\nYou should set the region with the `-r`/`--region` flag, or by setting the environment variable `AWS_DEFAULT_REGION` or `AWS_REGION`.\n\n\n## Demo\n\n[![asciicast](https://asciinema.org/a/318394.svg)](https://asciinema.org/a/318394?autoplay=1)\n\n## Usage\n\n```shell\n$ essh --help\nUsage of essh:\n  -d, --debug             Enable debug logging\n  -t, --key-ttl uint32    How long the private key will live in the ssh-agent in seconds (default 10)\n  -r, --region string     AWS Region\n  -p, --use-public-ip     Use the public ip instead of the private ip address\n  -u, --username string   UNIX user name (default \"ec2-user\")\n  -v, --version           Show version\n```\n\nConnect to an instance's private IP with ssh as user `ec2-user` (the default):\n\n```shell\n$ essh i-02fab0d7dd3ab737b\n```\n\nConnect to an instance's public IP with ssh as user `ec2-user`:\n\n```shell\n$ essh -p i-02fab0d7dd3ab737b\n```\n\nConnect as user `ubuntu` passing the flags `-A`, `-4` and the command `uptime` to the ssh command:\n\n```shell\n$ essh -u ubuntu i-02fab0d7dd3ab737b -- -A -4 uptime\n```\n\nConnect to an instance by its full name tag:\n\n```shell\n$ essh prod-web1\n```\n\nDisplay a menu of instances that match a partial tag:\n\n```shell\n$ essh gitlab\n```\n\nDisplay all running instances in a region:\n\n```shell\n$ essh\n```\n\nYou can use `/` to search the list of instances.\n\n\n## Changing the default UNIX user\n\nIf you use a different operating system that does not use the username `ec2-user`, you can set a different default username.\n\nFor example, if you use Ubuntu, you can set the environment variable:\n\n```shell\n$ export ESSH_DEFAULT_USER=ubuntu\n```\n\nFrom then on, you can just omit the `-u ubuntu` flag to log in as the `ubuntu` user:\n\n\n## Usage Examples\n\nConnect to an instance on its private IP:\n\n```shell\n$ essh i-03faf0d7dd3ab737a\nrunning command: ssh -l ec2-user 10.200.3.25\nLast login: Mon Mar 16 22:49:14 2020 from ip-10-200-42-219.eu-west-1.compute.internal\n\n       __|  __|_  )\n       _|  (     /   Amazon Linux 2 AMI\n      ___|\\___|___|\n\nhttps://aws.amazon.com/amazon-linux-2/\nNo packages needed for security; 6 packages available\nRun \"sudo yum update\" to apply all updates.\n[ec2-user@ip-10-200-3-25 ~]$\n```\n\nConnect to the instance named \"prod-web1\" on its public ip address and run `uptime`:\n\n```shell\n$ essh -p prod-web1 -- uptime\nrunning command: ssh -l ec2-user 52.51.41.123 uptime\n 16:42:42 up 16 min,  0 users,  load average: 0.13, 0.04, 0.01\n```\n\nConnect to a host named \"gitlab\" if it exists and is running, or show a menu of instances with \"gitlab\" in their name:\n\n```shell\n$ essh gitlab\nUse the arrow keys to navigate: ↓ ↑ → ←  and / toggles search\nSelect an instance:\n  » gitlab-runner-self-hosted-dev i-05e50f67e9dda4278 (10.100.7.92)\n    gitlab-runner-hosted-dev i-0191ea736eca6db2f (10.100.10.29)\n```\n\nIf you don't know which instance to connect to, run without specifying a tag or instance id:\n\n```shell\n$ essh\nUse the arrow keys to navigate: ↓ ↑ → ←  and / toggles search\nSelect an instance:\n    bastion i-06a049e3dbbdc37ae (10.100.12.213)\n    eks i-02dbc94c2efe19e68 (10.100.0.67)\n    eks i-0907b9bb45af5b43e (10.100.2.252)\n    eks i-0d7344c185041ba14 (10.100.4.10)\n    gitlab-runner-self-hosted-dev i-05e50f67e9dda4278 (10.100.7.92)\n  » eks i-03623ba03fc2dab6f (10.100.9.64)\n    eks i-07f1430c8a05d00a7 (10.100.11.246)\n    gitlab-runner-hosted-dev i-0191ea736eca6db2f (10.100.10.29)\n```\n\nRun with debug logging enabled:\n\n```shell\n$ essh -d -p i-0cc2be02456a7180c\nDEBUG Setting region from AWS_DEFAULT_REGION env: eu-west-1\nDEBUG All cmd line args passed in\nDEBUG flag_pos: 0, flag: i-0cc2be02456a7180c\nDEBUG\nDEBUG host: 34.245.6.105\nDEBUG adding key to agent\nDEBUG pushing public key to instance\nrunning command: ssh -l ec2-user 34.245.6.105\nLast login: Fri Apr  3 21:40:35 2020 from 90.199.173.2\n\n       __|  __|_  )\n       _|  (     /   Amazon Linux 2 AMI\n      ___|\\___|___|\n\nhttps://aws.amazon.com/amazon-linux-2/\n5 package(s) needed for security, out of 5 available\nRun \"sudo yum update\" to apply all updates.\n[ec2-user@ip-172-30-0-254 ~]$\n```\n\n\n## Build\n\n```shell\n$ go build\n```\n\nPut the resulting `essh` binary somewhere in your `$PATH`.\n\n\n## Releasing\n\nTo create a new release, just tag the repo and run goreleaser:\n\n```shell\n$ git tag -a [tag] -m \"Release message\"\n$ git push origin [tag]\n$ goreleaser --rm-dist\n```\n\n\n## TODO\n\n- Exit with the ssh command exit code\n- Add support for setting the default user as an environment variable for shops that use ubuntu etc.\n- Add tests\n\n\n## License\n\nThe project is open-source software licensed under the [MIT license](http://opensource.org/licenses/MIT).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fz0mbix%2Fessh","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fz0mbix%2Fessh","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fz0mbix%2Fessh/lists"}