In this codelab, we will configure SSH access to an Amezmo application instance. We will create an SSH key pair, upload the public key to Amezmo and then connect using SSH.
An Amezmo application instance contains an SSH server. You can connect to the application instance using SSH. Before we can connect, we must create an SSH key pair and upload the public key to Amezmo.
There are two items to specify. The first is the filename to write the key pair to. The second is the private key size in bits. 1024 bits is the minimum usable size today. 2048, 3072 or 4096 is recommended. We will use 4096-bit private keys.
Open a command prompt and run the following command:
ssh-keygen -f %HOMEPATH%\.ssh\amezmo -b 4096
ssh-keygen -f ~/.ssh/amezmo -b 4096
The above command will generate two files: amezmo and amezmo.pub.
SSH clients use the SSH private key to connect to an SSH server. SSH servers use the SSH public key to verify the client. Using the SSH key pairs, the SSH protocol selects a symmetric encryption key to encrypt and protect traffic.
Using a text editor, such as Notepad, open the public key file amezmo.pub that was created by ssh-keygen in the previous step. Select everything and copy it to the clipboard.
In the Amezmo application window, select the Overview tab. Located below the HTTP Metrics section is the SSH section. Click the Ellipsis (three horizontal dots). This brings up a menu. Select Add public key.
A dialog will appear. Enter something for the Key name and paste the contents of the SSH public key into the Public SSH key control. Click Add key when complete.
Next, enable SSH. Click the green slider button to enable SSH. Click trusted IP address and enter your public IP address so that only your system can connect to the application instance SSH server. Make note of the SSH command underneath the SSH green slider. We will use that in a later step.
Only trusted IP addresses are allowed to connect to the Amezmo application instance. Amezmo has a nice feature to auto-detect your public IP address.
Under Trusted IP addresses, click on the text entry control. Your public IP address will be present in the drop-down list. You can add multiple IP addresses. At this time, CIDR blocks (18.104.22.168/24) cannot be entered.
Make note of the SSH command underneath the SSH green slider.
Open a command prompt and run the following command:
ssh -p 15001 deployer@37426aa0f1.lb2.amezmo.co -i %HOMEPATH%\.ssh\amezmo
ssh -p 15001 deployer@37426aa0f1.lb2.amezmo.co -i ~/.ssh/amezmo
The SSH client will connect to the Amezmo application instance. On the first connection, the client shows the server's host key fingerprint and you must approve connecting to the application instance.
The authenticity of host '[37426aa0f1.lb2.amezmo.co]:14501 ([18.123.456.123]:15001)' can't be established.
ECDSA key fingerprint is SHA256:v5S4LcCx9abf2WVEWa5kgw2ZTtVJD1GDnWm0P+Oamdw.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[37426aa0f1.lb2.amezmo.co]:14501,[18.123.456.123]:15001' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 16.04.6 LTS (GNU/Linux 4.4.0-1099-aws x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

deployer@mywebapp-edc6e01a27:~$
You now have a Linux shell running within the application instance. This is useful while debugging your application running in Amezmo. Do not forget that any changes you make will be lost when the container restarts or an application is deployed.
If you are like me, you connect to numerous systems via SSH. Remembering hostnames, IP addresses, SSH key pairs, and usernames can be challenging.
Fortunately, the SSH client supports a configuration file named config, located in the ~/.ssh directory.
Edit or create a file named config in the ~/.ssh directory and add the following content:
Host mywebapp
    HostName 37426aa0f1.lb2.amezmo.co
    Port 15001
    User deployer
    IdentityFile ~/.ssh/amezmo
If you have configured a domain name for this application, use the domain name for the hostname. The port number is unique to each application instance.
Host mywebapp
    HostName mywebapp.example.com
    Port 15001
    User deployer
    IdentityFile ~/.ssh/amezmo
SSH.COM has a document on the format of the SSH config file: SSH config file for OpenSSH client
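As an added example (not part of the original codelab or Amezmo's tooling), the shell function below appends the Host block shown above to the config file only if the alias is not already defined, and sets the permissions OpenSSH expects on ~/.ssh, the config file and the private key. The function name add_ssh_host, its arguments and the IdentitiesOnly yes line are assumptions added here.

```shell
#!/bin/sh
# Added example (not Amezmo's tooling). add_ssh_host and its arguments are
# hypothetical names; IdentitiesOnly is an addition to the page's Host block.
# Usage: add_ssh_host ALIAS HOSTNAME PORT USER KEYFILE [SSH_DIR]
#   add_ssh_host mywebapp 37426aa0f1.lb2.amezmo.co 15001 deployer "$HOME/.ssh/amezmo"
add_ssh_host() {
    alias_name=$1 host=$2 port=$3 user=$4 key=$5
    dir=${6:-"$HOME/.ssh"}
    cfg="$dir/config"

    # Validate input so a value cannot smuggle whitespace, newlines or extra
    # directives into the config file. Port: 1 to 5 digits, range 1..65535.
    case $port in ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 2 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 2
    fi
    for v in "$alias_name" "$host" "$user"; do
        case $v in ''|*[!A-Za-z0-9._-]*) echo "bad value: $v" >&2; return 2 ;; esac
    done
    case $key in ''|*[!A-Za-z0-9._/~-]*) echo "bad key path: $key" >&2; return 2 ;; esac

    # ~/.ssh must be private; create config with mode 0600 from the start.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    [ -f "$cfg" ] || (umask 077; : > "$cfg") || return 1

    # Idempotent: append only if no existing Host line lists this alias.
    if awk -v a="$alias_name" '
            tolower($1) == "host" { for (i = 2; i <= NF; i++) if ($i == a) found = 1 }
            END { exit !found }' "$cfg"; then
        echo "Host $alias_name already defined in $cfg; leaving it unchanged" >&2
    else
        {
            printf '\nHost %s\n' "$alias_name"
            printf '    HostName %s\n    Port %s\n    User %s\n' "$host" "$port" "$user"
            printf '    IdentityFile %s\n' "$key"
            # Offer only this key, not every key loaded in ssh-agent.
            printf '    IdentitiesOnly yes\n'
        } >> "$cfg"
    fi

    # OpenSSH rejects a private key that other users can read, and a config
    # file that other users can write.
    chmod 600 "$cfg"
    [ ! -f "$key" ] || chmod 600 "$key"
}
```

With many keys loaded in ssh-agent, IdentitiesOnly yes keeps the client from offering unrelated keys to the application instance before the amezmo key.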
In this codelab, we set up SSH access to our application instance. We also configured trusted IP addresses and set up ~/.ssh/config to remember our connection information.