Monday, December 06, 2010

Boot EC2 Instance With ssh on Port 80

In a thread on the EC2 forum, Marko describes a situation where an outbound firewall prevents the ability to ssh to port 22, which is the default port on all EC2 instances.

In that thread, Shlomo Swidler proposes creating a user-data script that changes sshd to listen on a port the firewall permits.

Here’s a simple example of a user-data script that does just that. Most outbound firewalls allow traffic to port 80 (web/HTTP), so I use it in this example.

The first step is to create a file containing the user-data script:

cat <<'EOM' >user-data-ssh-port-80.txt #!/bin/bash -ex perl -pi -e 's/^Port 22$/Port 80/' /etc/ssh/sshd_config /etc/init.d/ssh restart EOM

The first statement changes the sshd config to listen on port 80 instead of port 22, and the second statement restarts sshd so it will start using this new configuration.

Now you can run a new instance on Amazon EC2, passing in this user-data script. Since the AWS APIs use standard web ports, most outbound firewalls will let through these types of requests. In this example, I use an Ubuntu 10.04 Lucid AMI from Canonical which was current as of this article. Please use the most recent AMIs available.

ec2-run-instances --key YOURKEYPAIR --region us-east-1 --instance-type t1.micro --user-data-file user-data-ssh-port-80.txt ami-6c06f305

Save the instance id created and make a note of the IP address once it starts. Now you can ssh in to port 80 using the keypair you specified:

ssh -p 80 -i YOURKEYPAIR.pem ubuntu@184.72.134.192

After testing this, don’t forget to terminate your EC2 instance.

See also: Escaping Restrictive/Untrusted Networks with OpenVPN on EC2

Disclaimer

These instructions are not intended to assist in illegal activities. If you are breaking the laws or rules of your government or college or company or ISP, then you should understand the implications and be willing to accept consequences of your actions.

Posted via email from Sammy's posterous

No comments: