@@ -45,11 +45,14 @@ ENVIRONMENT
4545 * \` $OCI_INSTANCE_OCID \` , e.g., \` ocid1.instance.oc1.iad.xx\`
4646 * \` $OCI_BASTION_OCID \` , e.g., \` ocid1.bastion.oc1.iad.xx\`
4747
48+ * One of the following SSH key pairs in \` ~/.ssh/\` : \` id_rsa*\` , \` id_dsa*\` , \` id_ecdsa*\` , \` id_ed25519*\` , or
49+ \` id_xmss*\` . If there are multiple keys the first one found from the list above will be used.
50+
4851 Limitations for the \` host_user\` mode:
4952 1. This is the only OCI bastion session proxy jump host that is being configured in the SSH config.
5053 2. The private host IP is not yet configured in the SSH config before the first run of this script.
5154
52- v1.0 .0 October 2022 Created by Dima Korobskiy
55+ v1.1 .0 October 2022 Created by Dima Korobskiy
5356Credits: George Chacko, Oracle
5457HEREDOC
5558 exit 1
@@ -162,7 +165,7 @@ if ! command -v jq >/dev/null; then
162165 exit 1
163166fi
164167
165- for required_env_var in OCI_INSTANCE_IP OCI_INSTANCE_OCID OCI_BASTION_OCID; do
168+ for required_env_var in ' OCI_INSTANCE_IP' ' OCI_INSTANCE_OCID' ' OCI_BASTION_OCID' ; do
166169 if [[ ! ${! required_env_var} ]]; then
167170 echo " Please define $required_env_var "
168171 exit 1
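Review bot: The diagnostic `echo "Please define $required_env_var"` still goes to stdout, so it disappears when the script's output is captured or piped and only the `exit 1` remains as a signal; send it to stderr, `echo "Please define $required_env_var" >&2`. Quoting the literal names in the `for` list on the new line is harmless but changes nothing, since none of them contain whitespace or glob characters. The `for` loop and the enclosing block close outside the hunk.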
@@ -174,12 +177,25 @@ echo -e "\n# oci-bastion.sh: running under $(whoami)@${HOSTNAME} in ${PWD} #"
174177
175178readonly MAX_TTL=$(( 3 * 60 * 60 ))
176179readonly CHECK_INTERVAL_SEC=5
177- readonly SSH_PUB_KEY=~ /.ssh/id_rsa.pub
178180# Intermittent `Permission denied (publickey)` errors might occur when trying to ssh immediately after session creation
179- readonly AFTER_SESSION_CREATION_WAIT=5
181+ readonly AFTER_SESSION_CREATION_WAIT=10
182+
183+ # Determine which keypair ssh uses by default.
184+ # The default key order as of OpenSSH 8.1p1m (see `ssh -v {destination}`)
185+ for key_pair in ' id_rsa' ' id_dsa' ' id_ecdsa' ' id_ed25519' ' id_xmss' ; do
186+ key_file=~ /.ssh/$key_pair
187+ if [[ -f $key_file ]]; then
188+ readonly SSH_PUB_KEY=~ /.ssh/$key_pair .pub
189+ echo " Using $key_file and $SSH_PUB_KEY keys"
190+ break
191+ fi
192+ done
180193
181194if [[ $port ]]; then
182195 echo -e " \nCreating a port forwarding tunnel for the port $port : this can take up to 20s to succeed ..."
196+ # `--session-ttl`: session duration in seconds (defaults to 30 minutes, maximum is 3 hours).
197+ # `--wait-interval-seconds`: state check interval (defaults to 30 seconds).
198+ # `--ssh-public-key-file` is required
183199 session_ocid=$( time oci bastion session create-port-forwarding --bastion-id " $OCI_BASTION_OCID " \
184200 --target-resource-id " $OCI_INSTANCE_OCID " --target-private-ip " ${OCI_INSTANCE_IP} " --target-port " $port " \
185201 --session-ttl $MAX_TTL --ssh-public-key-file $SSH_PUB_KEY --wait-for-state SUCCEEDED --wait-for-state FAILED \
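Review bot: The key search tests only the private key (`if [[ -f $key_file ]]`) and leaves `SSH_PUB_KEY` unset when no key is found, yet the `.pub` path is what `--ssh-public-key-file $SSH_PUB_KEY` receives on the last line of this hunk and again in the create-managed-ssh call at hunk `@@ -205,6 +221,7 @@`; unquoted and empty, the option either swallows the next argument or the CLI fails only after the state-wait, with a less clear error than the script could give up front. Check for the public half as well, fail early when the loop finds nothing, and quote the expansion at both call sites as `--ssh-public-key-file "$SSH_PUB_KEY"`. Note too that an `id_dsa` key found first would be registered with the bastion but, as far as I recall, not offered by the ssh client by default since ssh-dss was disabled in OpenSSH 7.0, so the order in the list deserves a comment. The `oci bastion session create-port-forwarding` command continues past the end of the hunk.
```shell
for key_pair in 'id_rsa' 'id_dsa' 'id_ecdsa' 'id_ed25519' 'id_xmss'; do
  key_file=~/.ssh/$key_pair
  # Both halves are needed: the private key for ssh, the public key for the bastion API.
  if [[ -f $key_file && -f $key_file.pub ]]; then
    readonly SSH_PUB_KEY=$key_file.pub
    # … unchanged: echo, break …
  fi
done
# Fail early instead of passing an empty --ssh-public-key-file to the CLI later.
if [[ ! ${SSH_PUB_KEY:-} ]]; then
  echo "No SSH key pair found in ~/.ssh" >&2
  exit 1
fi
```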
@@ -190,7 +206,7 @@ if [[ $port ]]; then
190206 # Remove the placeholder
191207 ssh_command=" ${ssh_command/ -i <privateKey>/ } "
192208 # Replace the placeholder
193- ssh_command=" ${ssh_command/ <localPort>/ " localhost:$port " } "
209+ ssh_command=" ${ssh_command/ <localPort>/ localhost: $port } "
194210 sleep $AFTER_SESSION_CREATION_WAIT
195211
196212 echo -e " \nLaunching an SSH tunnel"
@@ -205,6 +221,7 @@ if [[ $HOST_USER ]]; then
205221 echo -e " \nCreating a bastion session: this can take up to 1m:20s to succeed..."
206222 # `--session-ttl`: session duration in seconds (defaults to 30 minutes, maximum is 3 hours).
207223 # `--wait-interval-seconds`: state check interval (defaults to 30 seconds).
224+ # `--ssh-public-key-file` is required
208225 session_ocid=$( time oci bastion session create-managed-ssh --bastion-id " $OCI_BASTION_OCID " \
209226 --target-resource-id " $OCI_INSTANCE_OCID " --target-os-username " $HOST_USER " --session-ttl $MAX_TTL \
210227 --ssh-public-key-file $SSH_PUB_KEY --wait-for-state SUCCEEDED --wait-for-state FAILED \