
Project of the day: SSH daemon for EC2 Windows AMIs

Posted by kohsuke on May 20, 2009 at 1:07 AM PDT

In my attempt to make the Hudson EC2 plugin (which I blogged about earlier) work with Windows AMIs, I wrote a little SSH daemon.

Here's the problem statement. Windows AMIs on EC2 do not have any built-in programmable remote access technology. This is a really poor packaging job on Amazon's part: their documentation talks about using the remote desktop protocol (RDP) to talk to the server. This obviously prevents programs like Hudson from talking to the launched Windows instances.

The program I wrote is an SSH daemon, in the sense that it speaks the SSH protocol, but at the same time, it's not a real SSH daemon. It's packaged specifically for EC2 use cases.

For example, it's not capable of launching a process in a different user account. Regardless of the user name you provide during authentication, the daemon always creates the new process as the same user that the daemon itself runs as. It also accepts only public key authentication, and you must present the key you used to launch the EC2 instance. This is the most critical part of this daemon, since it makes sure that only authorized users can access the instance.
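The authorization rule described above, sketched as an added example (not the daemon's own code). It assumes the launch key is available as an OpenSSH public key line, which EC2 exposes to the instance through the metadata path `public-keys/0/openssh-key`; the post does not say how the daemon obtains it. All function and class names are hypothetical and the key material is constructed.

```python
import base64
import hmac
import struct


def parse_openssh_pubkey(line):
    """Parse '<algorithm> <base64-blob> [comment]' and return (algorithm, blob)."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<algorithm> <base64> [comment]'")
    algo = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    # The blob begins with a length-prefixed copy of the algorithm name;
    # reject lines where the two disagree.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != algo.encode("ascii"):
        raise ValueError("algorithm name does not match key blob")
    return algo, blob


class LaunchKeyAuthenticator:
    """Hypothetical policy object: publickey only, one authorized key."""

    def __init__(self, launch_key_line):
        self.algo, self.blob = parse_openssh_pubkey(launch_key_line)

    def is_authorized(self, username, method, presented_blob=None):
        # username is deliberately ignored: every session runs as the
        # daemon's own account, so the key is the only access control.
        if method != "publickey" or not isinstance(presented_blob, bytes):
            return False
        # This decides only whether the key is the launch key. The SSH
        # layer must still verify the client's signature with that key.
        return hmac.compare_digest(self.blob, presented_blob)


def constructed_key_line(fill, comment):
    """Build a constructed (not real) ssh-ed25519 key line for the demo."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([fill]) * 32
    return "ssh-ed25519 %s %s" % (base64.b64encode(blob).decode("ascii"), comment)


LAUNCH_LINE = constructed_key_line(0x11, "my-keypair")    # constructed sample
OTHER_LINE = constructed_key_line(0x22, "someone-else")   # constructed sample
```

Because the user name plays no part in the decision, anyone holding the launch key's private half gets whatever privileges the daemon's account has, so the account the daemon runs under is the real privilege boundary.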

The daemon implements the SCP and process execution parts of SSH, so you can copy files both ways and start arbitrary processes on the server (and connect stdin/out/err to the SSH client). OTOH, Windows doesn't have a terminal in the same way Unix does, so launching a shell wouldn't really work.

For more about the project, see the project website.


Comments

There's a saying in Japanese that basically amounts to "whoever mentioned it first is responsible for actually doing it." So, mcrooney, here's an invitation to join the dev team --- would you be interested in giving it a shot at the phpunit plugin?

Your recent plug-ins sound pretty exciting! Think of what a(nother) great contribution to the community you could perform by banging out a phpunit plugin next! :)

I'm using it :-) If I were implementing an sshd from scratch, there's no way I can do it in one day. The work I did is to package that up into doing what I want it to do.

Did you see this? http://mina.apache.org/sshd/ It's an SSHD implementation based on MINA. Could be easier than maintaining your own.

By the way, zeroconf is also a great way to let hudson announce itself...