
Open SSH Tunnel with private key stored in S3

If I run the following code, my SSH tunnel works perfectly.

from sshtunnel import SSHTunnelForwarder

tunnel = SSHTunnelForwarder(
    ssh_host=(SSH_JUMPHOST, SSH_PORT),
    ssh_username=SSH_USERNAME,
    ssh_pkey="/path/to/key/in/my/machine",
    remote_bind_address=(
        REMOTE_HOST,
        REMOTE_PORT,
    ),
    local_bind_address=("127.0.0.1", 12345),
    ssh_private_key_password=SSH_PKEY_PASSWORD,
)

tunnel.start()

# Things happen in the tunnel...

However, I want to read a .pem key that is stored in an S3 bucket. How can I read the key and pass it to the SSHTunnelForwarder constructor?

from sshtunnel import SSHTunnelForwarder

S3_BUCKET = "the_bucket"
S3_KEY_PATH = "the_key.pem"

tunnel = SSHTunnelForwarder(
    ssh_host=(SSH_JUMPHOST, SSH_PORT),
    ssh_username=SSH_USERNAME,
    ssh_pkey=??????, ################ What should I include here?
    remote_bind_address=(
        REMOTE_HOST,
        REMOTE_PORT,
    ),
    local_bind_address=("127.0.0.1", 12345),
    ssh_private_key_password=SSH_PKEY_PASSWORD,
)

tunnel.start()

# Things happen in the tunnel...

In the end, I gave in to Furas's suggestion, since I couldn't find any other way to get it done.

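The idea is to download the key file and point to the downloaded copy. With the following code, this can be structured so that the file is available for the shortest time possible and so that, as far as possible, it gets deleted after the tunnel has been opened.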

import os

import boto3
from sshtunnel import SSHTunnelForwarder

S3_BUCKET = "the_bucket"
S3_KEY_PATH = "the_key.pem"

# Assumed: s3 is a boto3 S3 client (it was not defined in the original snippet)
s3 = boto3.client("s3")

try:
    # Download the key to a temporary local copy
    s3.download_file(S3_BUCKET, S3_KEY_PATH, "temp")
    tunnel = SSHTunnelForwarder(
        ssh_host=(SSH_JUMPHOST, SSH_PORT),
        ssh_username=SSH_USERNAME,
        ssh_pkey="temp",
        remote_bind_address=(
            DW_HOST,
            DW_PORT,
        ),
        local_bind_address=("127.0.0.1", DW_PORT),
        ssh_private_key_password=SSH_PKEY_PASSWORD,
    )
finally:
    # No matter what happens above, we always delete the temp copy of the key
    # (the existence check keeps a failed download from masking its own error)
    if os.path.exists("temp"):
        os.remove("temp")

tunnel.start()

# Things happen in the tunnel...
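
An alternative that avoids the temporary file, as an added example that is not part of the original post: `ssh_pkey` also accepts a paramiko key object, so the PEM text can be read from S3 into memory and parsed there. The function names and the size limit are assumptions of this example, `s3_client` is assumed to be a boto3 S3 client, and paramiko and sshtunnel are assumed to be installed.

```python
import io

MAX_KEY_BYTES = 16 * 1024  # assumed limit: a PEM private key is only a few KB


def fetch_key_text(s3_client, bucket, key):
    """Read the private key object from S3 straight into memory."""
    body = s3_client.get_object(Bucket=bucket, Key=key)["Body"]
    data = body.read(MAX_KEY_BYTES + 1)
    if len(data) > MAX_KEY_BYTES:
        raise ValueError("S3 object is too large to be a private key")
    text = data.decode("ascii")  # non-ASCII bytes raise a ValueError subclass
    if "PRIVATE KEY-----" not in text:
        raise ValueError("S3 object does not look like a PEM private key")
    return text


def pkey_from_pem(pem_text, password=None):
    """Parse PEM text into a paramiko key object without touching disk."""
    import paramiko  # imported here so fetch_key_text works without paramiko

    for key_class in (paramiko.RSAKey, paramiko.ECDSAKey, paramiko.Ed25519Key):
        try:
            return key_class.from_private_key(io.StringIO(pem_text), password=password)
        except paramiko.SSHException:
            continue  # not this key type (or not decryptable), try the next
    raise ValueError("unsupported or undecryptable private key")


def open_tunnel(s3_client, bucket, key, password, jumphost, username, remote):
    """Start a tunnel whose key never exists as a local file.

    jumphost and remote are (host, port) tuples.
    """
    from sshtunnel import SSHTunnelForwarder

    pkey = pkey_from_pem(fetch_key_text(s3_client, bucket, key), password)
    tunnel = SSHTunnelForwarder(
        ssh_address_or_host=jumphost,
        ssh_username=username,
        ssh_pkey=pkey,  # a paramiko key object instead of a file path
        remote_bind_address=remote,
        local_bind_address=("127.0.0.1", 12345),
    )
    tunnel.start()
    return tunnel
```

The passphrase is consumed when the key is parsed, so `ssh_private_key_password` is not passed to the constructor here.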
