
If I run the following code, my SSH Tunnel works perfectly.

```python
from sshtunnel import SSHTunnelForwarder

tunnel = SSHTunnelForwarder(
    ssh_host=(SSH_JUMPHOST, SSH_PORT),
    ssh_username=SSH_USERNAME,
    ssh_pkey="/path/to/key/in/my/machine",
    remote_bind_address=(
        REMOTE_HOST,
        REMOTE_PORT,
    ),
    local_bind_address=("127.0.0.1", 12345),
    ssh_private_key_password=SSH_PKEY_PASSWORD,
)

tunnel.start()

# Things happen in the tunnel...
```

However, I want to read a .pem key that is stored in an S3 bucket. How can I read and pass the key to the SSHTunnelForwarder constructor?

```python
from sshtunnel import SSHTunnelForwarder

S3_BUCKET = "the_bucket"
S3_KEY_PATH = "the_key.pem"

tunnel = SSHTunnelForwarder(
    ssh_host=(SSH_JUMPHOST, SSH_PORT),
    ssh_username=SSH_USERNAME,
    ssh_pkey=??????, ################ What should I include here?
    remote_bind_address=(
        REMOTE_HOST,
        REMOTE_PORT,
    ),
    local_bind_address=("127.0.0.1", 12345),
    ssh_private_key_password=SSH_PKEY_PASSWORD,
)

tunnel.start()

# Things happen in the tunnel...
```

Pablo M
  • As for me, you would have to first download it like any other file. – furas Sep 08 '22 at 12:40
  • @furas Thanks. I agree, that is an option. But I'm still wondering if there is a way to get the key read without relying on the file system. – Pablo M Sep 09 '22 at 09:16
  • The only idea is to use some module which can mount `S3` as a local folder, and then you have access to `S3` like to any other file. But this type of module simply downloads the file (to a temporary folder) and serves it as a local file - but the modules hide this and you see it as a local file. [python - How to mount S3 bucket as local FileSystem? - Stack Overflow](https://stackoverflow.com/questions/58716888/how-to-mount-s3-bucket-as-local-filesystem) – furas Sep 09 '22 at 09:47

1 Answer

In the end, I surrendered to furas's suggestion since I couldn't find an alternative way to get it done.

The idea is to download the key file and point to the downloaded copy. With the following code, it can be structured to leave the file available for the shortest amount of time possible and to ensure, to the best of its ability, that it gets deleted after the tunnel has been opened.

```python
import os

import boto3
from sshtunnel import SSHTunnelForwarder

S3_BUCKET = "the_bucket"
S3_KEY_PATH = "the_key.pem"

s3 = boto3.client("s3")

try:
    # Download the private key to a temporary local file
    s3.download_file(S3_BUCKET, S3_KEY_PATH, "temp")
    tunnel = SSHTunnelForwarder(
        ssh_host=(SSH_JUMPHOST, SSH_PORT),
        ssh_username=SSH_USERNAME,
        ssh_pkey="temp",
        remote_bind_address=(
            DW_HOST,
            DW_PORT,
        ),
        local_bind_address=("127.0.0.1", DW_PORT),
        ssh_private_key_password=SSH_PKEY_PASSWORD,
    )
finally:
    # No matter what happens above, we always delete the temp copy of the key.
    # The existence check keeps a failed download from raising a second error here.
    if os.path.exists("temp"):
        os.remove("temp")

tunnel.start()

# Things happen in the tunnel...
```

Pablo M
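
On the question in the comments about reading the key without the file system: `ssh_pkey` also accepts a `paramiko.PKey` object, so the PEM can be fetched with `get_object` and parsed in memory. This is an added example, not code from the original posts; the function names and the host names and ports under `__main__` are assumptions.

```python
import io


def fetch_key_text(s3_client, bucket, key_path):
    """Read the PEM from S3 straight into memory (no download_file, no temp file)."""
    obj = s3_client.get_object(Bucket=bucket, Key=key_path)
    return obj["Body"].read().decode("utf-8")


def load_pkey(pem_text, password=None):
    """Parse PEM text into a paramiko key object, trying each key type in turn."""
    import paramiko  # imported here so fetch_key_text works without SSH libraries

    last_error = None
    for key_class in (paramiko.RSAKey, paramiko.ECDSAKey, paramiko.Ed25519Key):
        try:
            return key_class.from_private_key(io.StringIO(pem_text), password=password)
        except paramiko.PasswordRequiredException:
            raise  # encrypted key and no passphrase given: other types won't help
        except paramiko.SSHException as exc:
            last_error = exc  # wrong key type for this class, try the next one
    raise ValueError("unsupported or corrupt private key") from last_error


def open_tunnel(s3_client, bucket, key_path, jumphost, username, remote, password=None):
    """Start a tunnel whose private key only ever existed in process memory."""
    from sshtunnel import SSHTunnelForwarder

    pkey = load_pkey(fetch_key_text(s3_client, bucket, key_path), password)
    tunnel = SSHTunnelForwarder(
        ssh_host=jumphost,            # (host, port) tuple
        ssh_username=username,
        ssh_pkey=pkey,                # key object instead of a file path
        remote_bind_address=remote,   # (host, port) tuple
        local_bind_address=("127.0.0.1", 12345),
    )
    tunnel.start()
    return tunnel


if __name__ == "__main__":
    import boto3

    # Placeholder values mirroring the question; replace with real ones.
    t = open_tunnel(boto3.client("s3"), "the_bucket", "the_key.pem",
                    ("jumphost.example", 22), "user", ("db.internal.example", 5432))
    # Things happen in the tunnel...
    t.stop()
```

Since the passphrase is applied while parsing, `ssh_private_key_password` is no longer passed to the forwarder.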