A web-based ssh console to execute commands and manage multiple EC2 instances simultaneously running on Amazon Web Services (AWS). Bastillion-EC2 allows you to share terminal commands and upload files to all your EC2 instances. Once the sessions have been opened you can select a single EC2 instance or any combination to run your commands. Also, additional instance administrators can be added and their terminal sessions and history can be audited.
Bastillion-EC2 is available for free use under the Affero General Public License
https://github.com/bastillion-io/Bastillion-EC2/releases
or purchase from the AWS marketplace
https://aws.amazon.com/marketplace/pp/Loophole-LLC-Bastillion-for-EC2/B076D7XMK6
Open-JDK / Oracle-JDK - 1.9 or greater
apt-get install openjdk-9-jdk
http://www.oracle.com/technetwork/java/javase/downloads/index.html
Install Authy or Google Authenticator to enable two-factor authentication with Android or iOS
Application | Android | iOS |
---|---|---|
Authy | Google Play | iTunes |
Google Authenticator | Google Play | iTunes |
Download bastillion-ec2-jetty-vXX.XX.tar.gz
https://github.com/bastillion-io/Bastillion-EC2/releases
Export environment variables
for Linux/Unix/OSX
export JAVA_HOME=/path/to/jdk
export PATH=$JAVA_HOME/bin:$PATH
for Windows
set JAVA_HOME=C:\path\to\jdk
set PATH=%JAVA_HOME%\bin;%PATH%
Start Bastillion
for Linux/Unix/OSX
./startBastillion-EC2.sh
for Windows
startBastillion-EC2.bat
More documentation at: https://www.bastillion.io/docs/bastillion-ec2/index.html
Install Maven 3 or greater
apt-get install maven
Install Loophole MVC
Export environment variables
export JAVA_HOME=/path/to/jdk
export M2_HOME=/path/to/maven
export PATH=$JAVA_HOME/bin:$M2_HOME/bin:$PATH
In the directory that contains the pom.xml run
mvn package jetty:run
Note: Doing a mvn clean will delete the H2 DB and wipe out all the data.
Open browser to https://<whatever ip>:8443
Login with
username:admin
password:changeme
Note: When using the AMI instance, the password is defaulted to the <Instance ID>. Also, the AMI uses port 443 as in https://<Instance IP>:443
Steps:
#AWS IAM access key
accessKey=
#AWS IAM secret key
secretKey=
More info at https://www.bastillion.io/docs/bastillion-ec2/index.html
Administrative access can be restricted through the use of tags defined in a user's profile. Profile tags must correspond to the instance tags that have been set through the AWS console.
Tags work on a name or name/value pair.
for example
tag-name
tag-name=mytag
or multiple
tag-name1,tag-name2
tag-name1=mytag1,tag-name2=mytag2
Bastillion-EC2 generates its own public/private SSH key upon initial startup for use when registering systems. You can specify a custom SSH key pair in the Bastillion-EC2Config.properties file.
For example:
#set to true to regenerate and import SSH keys --set to true
resetApplicationSSHKey=true
#SSH Key Type 'dsa' or 'rsa'
sshKeyType=rsa
#private key --set pvt key
privateKey=/Users/kavanagh/.ssh/id_rsa
#public key --set pub key
publicKey=/Users/kavanagh/.ssh/id_rsa.pub
#default passphrase --leave blank if passphrase is empty
defaultSSHPassphrase=myPa$$w0rd
After startup and once the key has been registered it can then be removed from the system. The passphrase and the key paths will be removed from the configuration file.
External Authentication can be enabled through the Bastillion-EC2Config.properties.
For example:
#specify an external authentication module (ex: ldap-ol, ldap-ad). Edit the jaas.conf to set connection details
jaasModule=ldap-ol
Connection details need to be set in the jaas.conf file
ldap-ol {
com.sun.security.auth.module.LdapLoginModule SUFFICIENT
userProvider="ldap://hostname:389/ou=example,dc=bastillion,dc=com"
userFilter="(&(uid={USERNAME})(objectClass=inetOrgPerson))"
authzIdentity="{cn}"
useSSL=false
debug=false;
};
Administrators will be added as they are authenticated and profiles of systems may be assigned by full-privileged users.
User LDAP roles can be mapped to profiles defined in Bastillion-EC2 through the use of the org.eclipse.jetty.jaas.spi.LdapLoginModule.
ldap-ol-with-roles {
//openldap auth with roles that can map to profiles
org.eclipse.jetty.jaas.spi.LdapLoginModule required
debug="false"
useLdaps="false"
contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
hostname="<SERVER>"
port="389"
bindDn="<BIND-DN>"
bindPassword="<BIND-DN PASSWORD>"
authenticationMethod="simple"
forceBindingLogin="true"
userBaseDn="ou=users,dc=bastillion,dc=com"
userRdnAttribute="uid"
userIdAttribute="uid"
userPasswordAttribute="userPassword"
userObjectClass="inetOrgPerson"
roleBaseDn="ou=groups,dc=bastillion,dc=com"
roleNameAttribute="cn"
roleMemberAttribute="member"
roleObjectClass="groupOfNames";
};
Users will be added/removed from defined profiles as they log in and when the role name matches the profile name.
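Both jaas.conf stanzas above disable TLS (`useSSL=false`, `useLdaps="false"`, port 389), so the LDAP bind carries the user's password unencrypted, and the SSH key section states that the key paths and passphrase are removed from the properties file after startup. The following added example (not part of Bastillion-EC2 or its documentation) checks both conditions; the function names, the sample text and the `useLdaps="true"` / port 636 values are assumptions of this example.

```python
# Added example, not Bastillion-EC2 code. Option names come from this page;
# the function names and the sample text below are constructed.

def parse_jaas(text):
    """Map each jaas.conf stanza name to a dict of its options."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("{"):
            current = stanzas.setdefault(line[:-1].strip(), {})
        elif line.startswith("}"):
            current = None
        elif current is not None and "=" in line and not line.startswith("//"):
            key, _, val = line.partition("=")
            current[key.strip()] = val.strip().rstrip(";").strip('"')
    return stanzas

def audit_jaas(text):
    """Flag stanzas whose LDAP bind would cross the network unencrypted."""
    findings = []
    for name, opts in parse_jaas(text).items():
        if opts.get("useSSL") == "false" and opts.get("userProvider", "").startswith("ldap://"):
            findings.append((name, "useSSL=false with an ldap:// userProvider"))
        if opts.get("useLdaps") == "false":
            findings.append((name, "useLdaps=false"))
    return findings

def leftover_key_settings(text):
    """Return key-import properties still populated in the properties file."""
    props = {}
    for line in text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            key, _, val = line.partition("=")
            props[key.strip()] = val.strip()
    return [n for n in ("privateKey", "publicKey", "defaultSSHPassphrase") if props.get(n)]

SAMPLE_JAAS = """ldap-ol {
userProvider="ldap://hostname:389/ou=example,dc=bastillion,dc=com"
useSSL=false;
};
ldap-ol-with-roles {
useLdaps="true"
port="636";
};"""
SAMPLE_PROPS = "privateKey=\npublicKey=\ndefaultSSHPassphrase=myPa$$w0rd\n"

if __name__ == "__main__":
    print(audit_jaas(SAMPLE_JAAS))
    print(leftover_key_settings(SAMPLE_PROPS))
```

Run it against the real jaas.conf and Bastillion-EC2Config.properties by passing each file's contents to the corresponding function.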
Auditing is disabled by default. Audit logs can be enabled through the log4j2.xml by uncommenting the io.bastillion.manage.util.SystemAudit and the audit-appender definitions.
https://github.com/bastillion-io/Bastillion-EC2/blob/master/src/main/resources/log4j2.xml#L19-L22
Auditing through the application is only a proof of concept. It can be enabled in the BastillionConfig.properties.
#enable audit --set to true to enable
enableInternalAudit=true
Special thanks go to these amazing projects, which make this (and other great projects) possible.
Third-party dependencies are mentioned in the 3rdPartyLicenses.md
Bastillion-EC2 is available for use under the Affero General Public License
Loophole, LLC - Sean Kavanagh