
Automating SSH/SCP to server with IP address that changes (Amazon EC2)

In the project I'm working on, I have a script which runs nightly on Server A and launches an EC2 instance (Server B) which processes some data. Part of the data processing involves sending a file from Server A to Server B. Since the IP address is different every time a new instance is launched, I get the standard "The authenticity of host '' can't be established... Are you sure you want to continue connecting (yes/no)?".

Because of this, I have been struggling to automate this using scp. My first approach was to try to parse this message, validate the fingerprint (I know what the fingerprint should be), and then have my script enter the correct response (yes or no). I was unable to get this to work because (from what I've read) scp doesn't read/write to stdin/stdout. A security feature I guess?

Next I tried to write the ~/.ssh/known_hosts file directly so I wouldn't get this message. This worked flawlessly, except in the case where there is an actual man-in-the-middle attack, in which case the fingerprint is obviously incorrect, and this message appears. Although unlikely, I would like to account for this case as well. Even something as simple as detecting that this message appeared, then retrying the connection, has proved difficult.

I'm currently using PHP (because that's what the rest of the script on Server A is written in), but I've tried Ruby and Bash as well. I'm willing to write this in any language that will let me get this working.

Also, I've seen recommendations for using "stricthostkeychecking=no", but I'd really rather not do that, as this is in a production environment.
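As an added example (not part of the question or of either answer), the following Python script takes the second approach from the question, pre-populating known_hosts, but does it without touching ~/.ssh/known_hosts and without ever reaching the interactive prompt. It pins the instance's host public key in a private known_hosts file, runs scp with StrictHostKeyChecking=yes and BatchMode=yes so that an unknown or changed key makes scp exit non-zero instead of prompting, and classifies the failure from scp's stderr so the caller can distinguish a host-key mismatch from an ordinary network error. It assumes you have the full host public key (a fingerprint alone cannot be written into known_hosts; the key comes from the AMI's /etc/ssh/ssh_host_*.pub, or, on images that run cloud-init, from the instance console output). The host address 203.0.113.10, the user ec2-user, the paths and the 32-byte key material are constructed placeholders, not real values.

```python
"""Copy a file to a freshly launched instance over scp, failing closed
(never prompting) unless the server presents the pinned host key."""
import base64
import hashlib
import re
import struct
import subprocess
import tempfile
import os

# Constructed ed25519 public key blob for the example (NOT a real host key):
# wire format is string("ssh-ed25519") + string(32 raw key bytes).
_BLOB = (struct.pack(">I", 11) + b"ssh-ed25519"
         + struct.pack(">I", 32) + bytes(range(32)))
CONSTRUCTED_KEY_B64 = base64.b64encode(_BLOB).decode()


def fingerprint_sha256(pubkey_b64: str) -> str:
    """OpenSSH-style fingerprint of a base64 key blob, i.e. the value
    `ssh-keygen -lf` prints: SHA256 of the blob, base64, padding stripped."""
    digest = hashlib.sha256(base64.b64decode(pubkey_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def verify_fingerprint(pubkey_b64: str, expected: str) -> bool:
    """True when the public key you are about to pin matches the
    fingerprint you already trust (guards against pinning the wrong key)."""
    return fingerprint_sha256(pubkey_b64) == expected


def known_hosts_line(host: str, key_type: str, pubkey_b64: str) -> str:
    """One plain (unhashed) known_hosts entry binding `host` to the key."""
    if not re.fullmatch(r"[A-Za-z0-9.\-\[\]:]+", host):
        raise ValueError(f"refusing unusual host string: {host!r}")
    return f"{host} {key_type} {pubkey_b64}\n"


def scp_argv(src: str, host: str, dst: str, known_hosts_path: str,
             user: str = "ec2-user") -> list:
    """scp command line that can only succeed against the pinned key."""
    return [
        "scp",
        "-o", "StrictHostKeyChecking=yes",      # unknown/changed key: hard fail
        "-o", "BatchMode=yes",                  # never prompt for anything
        "-o", f"UserKnownHostsFile={known_hosts_path}",
        "-o", "GlobalKnownHostsFile=/dev/null",  # ignore system-wide entries
        src, f"{user}@{host}:{dst}",
    ]


def classify_failure(returncode: int, stderr: str) -> str:
    """Map scp's exit status and stderr to something a script can act on.
    A changed key prints the REMOTE HOST IDENTIFICATION banner before
    'Host key verification failed', so check for it first."""
    if returncode == 0:
        return "ok"
    if "REMOTE HOST IDENTIFICATION HAS CHANGED" in stderr:
        return "host-key-mismatch"       # possible MITM: do not retry blindly
    if "Host key verification failed" in stderr:
        return "host-key-unverified"     # key not in our pinned file
    return "other"                       # network, auth, path errors, ...


def copy_to_instance(src, host, dst, key_type, pubkey_b64, expected_fp,
                     user="ec2-user"):
    """Pin the key in a throwaway known_hosts file and run scp against it."""
    if not verify_fingerprint(pubkey_b64, expected_fp):
        raise ValueError("host public key does not match trusted fingerprint")
    with tempfile.NamedTemporaryFile("w", delete=False) as kh:
        kh.write(known_hosts_line(host, key_type, pubkey_b64))
        kh_path = kh.name
    try:
        proc = subprocess.run(scp_argv(src, host, dst, kh_path, user),
                              capture_output=True, text=True)
        return classify_failure(proc.returncode, proc.stderr), proc.stderr
    finally:
        os.unlink(kh_path)


if __name__ == "__main__":
    # Hypothetical values; in the real job the host comes from the EC2 API.
    status, err = copy_to_instance("/var/tmp/input.dat", "203.0.113.10",
                                   "/home/ec2-user/input.dat", "ssh-ed25519",
                                   CONSTRUCTED_KEY_B64,
                                   fingerprint_sha256(CONSTRUCTED_KEY_B64))
    print(status)
    if status != "ok":
        print(err)
```

Because the pinned file is written per run, the new IP never collides with a stale entry for a previous instance, which is the usual reason the "REMOTE HOST IDENTIFICATION HAS CHANGED" warning appears in EC2 automation even without an attacker. If you prefer to keep using ~/.ssh/known_hosts, the same options work with `ssh-keygen -R <ip>` run before adding the fresh entry.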

An alternative approach might be:

  • Have Server A copy the file to a known path in Amazon S3
  • When Server B launches, use a User Data script to configure the machine, including copying the file down from S3

This is likely to be a simpler and more reliable approach, with fewer components that can fail.

It looks like the -o StrictHostKeyChecking=no option might do it.

See:
