Open SSH Tunnel with private key stored in S3

Question:

If I run the following code, my SSH Tunnel works perfectly.

from sshtunnel import SSHTunnelForwarder

tunnel = SSHTunnelForwarder(
    ssh_host=(SSH_JUMPHOST, SSH_PORT),
    ssh_username=SSH_USERNAME,
    ssh_pkey="/path/to/key/in/my/machine",
    remote_bind_address=(
        REMOTE_HOST,
        REMOTE_PORT,
    ),
    local_bind_address=("127.0.0.1", 12345),
    ssh_private_key_password=SSH_PKEY_PASSWORD,
)

tunnel.start()

# Things happen in the tunnel...

However, I want to read a .pem key that is stored in an S3 bucket. How can I read and pass the key to the SSHTunnelForwarder constructor?

from sshtunnel import SSHTunnelForwarder

S3_BUCKET = "the_bucket"
S3_KEY_PATH = "the_key.pem"

tunnel = SSHTunnelForwarder(
    ssh_host=(SSH_JUMPHOST, SSH_PORT),
    ssh_username=SSH_USERNAME,
    ssh_pkey=??????, ################ What should I include here?
    remote_bind_address=(
        REMOTE_HOST,
        REMOTE_PORT,
    ),
    local_bind_address=("127.0.0.1", 12345),
    ssh_private_key_password=SSH_PKEY_PASSWORD,
)

tunnel.start()

# Things happen in the tunnel...
Asked By: Pablo M


Answers:

In the end, I surrendered to Furas's suggestion since I couldn’t find an alternative way to get it done.

The idea is to download the key file and point to the downloaded copy. The following code can be structured to leave the file available for the shortest amount of time possible and to ensure, to the best of our ability, that it gets deleted after the tunnel has been opened.

import os

import boto3
from sshtunnel import SSHTunnelForwarder

S3_BUCKET = "the_bucket"
S3_KEY_PATH = "the_key.pem"

# SSH_*, DW_HOST and DW_PORT are configuration values defined elsewhere
s3 = boto3.client("s3")

try:
    # Download the key from S3 to a temporary local copy
    s3.download_file(S3_BUCKET, S3_KEY_PATH, "temp")
    tunnel = SSHTunnelForwarder(
        ssh_host=(SSH_JUMPHOST, SSH_PORT),
        ssh_username=SSH_USERNAME,
        ssh_pkey="temp",
        remote_bind_address=(
            DW_HOST,
            DW_PORT,
        ),
        local_bind_address=("127.0.0.1", DW_PORT),
        ssh_private_key_password=SSH_PKEY_PASSWORD,
    )
finally:
    # No matter what happens above, we always delete the temp copy of the key
    # (the existence check covers the case where the download itself failed)
    if os.path.exists("temp"):
        os.remove("temp")

tunnel.start()

# Things happen in the tunnel...
Answered By: Pablo M
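
A hardened variant of the download-then-delete approach in the answer above, added here as an example and not code from the original post: it stages the key in an owner-only file with an unpredictable name instead of a fixed "temp" in the working directory, and removes it on every exit path. `staged_private_key`, `build_tunnel` and the `forwarder_cls` parameter are hypothetical names, and `s3_client` is assumed to be a boto3 S3 client.

```python
import contextlib
import os
import tempfile


@contextlib.contextmanager
def staged_private_key(s3_client, bucket, key_path):
    """Yield the path of a short-lived, owner-only copy of a key stored in S3."""
    # mkstemp creates the file with mode 0600 and a random name, so other
    # local users can neither read it nor pre-create it at a known path.
    fd, path = tempfile.mkstemp(prefix="sshkey-", suffix=".pem")
    try:
        with os.fdopen(fd, "wb") as handle:
            # get_object streams the object; nothing is written elsewhere on disk
            body = s3_client.get_object(Bucket=bucket, Key=key_path)["Body"]
            handle.write(body.read())
        yield path
    finally:
        # Runs on download errors, constructor errors and normal exit alike
        with contextlib.suppress(FileNotFoundError):
            os.remove(path)


def build_tunnel(s3_client, bucket, key_path, forwarder_cls=None, **tunnel_kwargs):
    """Construct (but do not start) a forwarder; the key file is gone on return."""
    if forwarder_cls is None:
        # Imported lazily so the staging helper works without sshtunnel installed
        from sshtunnel import SSHTunnelForwarder as forwarder_cls
    with staged_private_key(s3_client, bucket, key_path) as pem_path:
        # Like the answer's code, this relies on the key being loaded while the
        # forwarder is constructed, so the file can be deleted before start()
        return forwarder_cls(ssh_pkey=pem_path, **tunnel_kwargs)


if __name__ == "__main__":
    import boto3

    # Placeholder values: replace with the real jump host, target and credentials
    tunnel = build_tunnel(
        boto3.client("s3"), "the_bucket", "the_key.pem",
        ssh_address_or_host=("jumphost.example", 22),
        ssh_username="user",
        remote_bind_address=("db.example", 5432),
        local_bind_address=("127.0.0.1", 12345),
    )
    tunnel.start()
```

The remaining constructor arguments, including `ssh_private_key_password`, are passed through `**tunnel_kwargs` unchanged.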