SSH Access

Accessing components with SSH

You can directly access any Hydrolix component's underlying instance through the use of SSH. This requires a little extra preparation prior to the creation of a cluster, as well as comfort with using a Unix command line interface.

You control SSH access to components through the use of SSH keys, adding the public keys of trusted users to your Hydrolix client configuration.

Adding SSH keys to your Hydrolix configuration

You add keys to your client configuration through the update sub-command of the hdxctl command-line utility. As an additional argument, you supply either the name of an SSH key stored on AWS EC2, or the path to a local authorized-keys file.

After you add keys to your client configuration, the components of any clusters you subsequently create will allow SSH login via these keys' paired counterparts. Adding public keys to your configuration has no effect on clusters you have already created.

Adding keys stored on AWS

To add a public key that you have stored on AWS, use the --aws-ssh-key-name option of hdxctl, providing the key's AWS name as an argument.

For example, if you have an AWS-stored key named "my-ssh-key":

$ hdxctl update hdxcli-12354abc --aws-ssh-key-name my-ssh-key

To view a list of the keys you have stored on AWS, visit your EC2 console and select Key Pairs.

Adding locally stored keys

To add public keys from an OpenSSH authorized-keys file stored on your own computer, use the --ssh-authorized-keys option of hdxctl, providing a path to that file as an argument.

For example, to include all the public SSH keys stored in a file located at .ssh/authorized_keys within your own computer's home directory:

$ hdxctl update hdxcli-12354abc --ssh-authorized-keys ~/.ssh/authorized_keys
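Every key in the file you pass is granted SSH login on clusters created afterwards, so it is worth reviewing the file before running the command. The following Python sketch is an added example, not part of hdxctl or Hydrolix; the function names, the 2048-bit RSA floor and the sample keys (constructed, not real) are assumptions made for illustration.

```python
import base64, hashlib, struct

MIN_RSA_BITS = 2048  # assumed policy floor, not a Hydrolix requirement

def _fields(blob):  # split an SSH wire-format blob into length-prefixed fields
    out = []
    while len(blob) >= 4:
        n = struct.unpack(">I", blob[:4])[0]
        out, blob = out + [blob[4:4 + n]], blob[4 + n:]
    return out

def _find_key(parts):  # locate "<type> <base64>"; login options may precede it
    for k in range(len(parts) - 1):
        try:
            blob = base64.b64decode(parts[k + 1], validate=True)
        except ValueError:
            continue
        f = _fields(blob)
        if f and f[0] == parts[k].encode():  # declared type must match the blob
            return k, blob, f
    return None

def audit(text):  # one dict per key line: line, type, fingerprint, comment, problems
    report, seen = [], {}
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if (found := _find_key(parts)) is None:
            report.append({"line": lineno, "problems": ["not a parseable key"]})
            continue
        k, blob, f = found
        fp = "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
        problems = ["DSA key"] if parts[k] == "ssh-dss" else []
        bits = int.from_bytes(f[2], "big").bit_length() if len(f) > 2 else 0
        if parts[k] == "ssh-rsa" and bits < MIN_RSA_BITS:
            problems.append(f"rsa key is {bits} bits")
        if seen.setdefault(fp, lineno) != lineno:  # same blob seen on an earlier line
            problems.append(f"duplicate of line {seen[fp]}")
        report.append({"line": lineno, "type": parts[k], "fingerprint": fp,
                       "comment": " ".join(parts[k + 2:]), "problems": problems})
    return report

def _wire(*fs):  # builds the constructed (not real) key blobs used in SAMPLE
    return base64.b64encode(b"".join(struct.pack(">I", len(x)) + x for x in fs)).decode()
_ED = _wire(b"ssh-ed25519", bytes(range(32)))
_RSA = _wire(b"ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xc3" * 128)  # 1024-bit modulus
SAMPLE = (f"# team keys\nssh-ed25519 {_ED} alice@laptop\n"
          f"ssh-rsa {_RSA} old-ci\nssh-ed25519 {_ED} alice@desktop\n")
```

Run audit() over the contents of the file you intend to pass to --ssh-authorized-keys and resolve every entry whose problems list is not empty before updating the client configuration.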

Connecting to a component via SSH (HDXCTL)

Once the private SSH key that you wish to use has been configured, the easiest way to connect to an instance within a Hydrolix cluster is the hdxctl command. Its goto sub-command connects you to components.

For example, to connect to your UI component via SSH:

$ hdxctl goto hdxcli-12354abc hdx-54321xyz ui

Connecting to a component via SSH (via Bastion)

Once you have added your keys to the Hydrolix cluster, you can connect to the bastion host via its IP. To get a list of IPs, use the hdxctl instances command. Alternatively, once on the bastion, you can use presence discover -s <service-name> to get a list of the IPs.

To SSH around the cluster, SSH to the bastion and then SSH through to the component you wish to look at. Note that you should use agent forwarding (-A): the second hop then authenticates with the key held by the agent on your own machine, so the private key does not need to be copied to the bastion. The user to use is ubuntu.

Note: In order to accept SSH access requests from a given IP address, you must also configure your cluster to accept traffic of any kind from that IP. See Enabling access to your cluster for more information.

Presence Discover

Presence discover is deployed on the bastion so that you can look up the IPs of your instances.

ubuntu@ip-10-0-1-50:~$ presence discover --help
Usage: presence discover [OPTIONS]

Options:
  --region TEXT
  -v, --verbose
  -s, --service TEXT
  -b, --bucket TEXT
  -p, --bucket-prefix TEXT
  --ttl INTEGER
  --help                    Show this message and exit.

For example:

ubuntu@ip-10-0-1-10:~$ presence discover -s merge-peer
2021-06-03 09:43:03+00:00 10.0.3.154 
2021-06-03 09:43:07+00:00 10.0.2.157 
2021-06-03 09:43:31+00:00 10.0.2.72 
2021-06-03 09:43:48+00:00 10.0.3.29