aws ec2-instance-connect ssh - allow customise the ssh command line #9668

@shaicoleman

Description

Describe the feature

aws ec2-instance-connect ssh should support passing additional arguments directly to /usr/bin/ssh.
This would give users full control over debugging, connection parameters, automation, and security settings.

Use Case

  • Debugging: -vvv for verbose logs
  • Authentication control: -o IdentitiesOnly=yes to avoid Too many authentication failures
  • Automation / scripting: -o BatchMode=yes -o StrictHostKeyChecking=no for non-interactive use
  • Remote command execution: e.g. ssh example.com free
  • Security hardening: -o KexAlgorithms=mlkem768x25519-sha256 to enforce stronger ciphers
  • Legacy server support: -o Ciphers=+aes128-cbc to connect to old servers
    (And many more — see man ssh.)

Proposed Solution

  • Add a --no-ssh-connect with --output json (or similar) option, which outputs the full ssh command without executing it, so that calling scripts can modify and run it directly. Alternatively, it could just return a JSON with all the different parameters that are required to connect so that the client can run it directly.
    This would also allow alternative SSH clients, e.g. mosh for handling high-latency, intermittent connections.

  • Add an --ssh-args (or similar) option, which appends custom arguments to the underlying ssh command.

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CLI version used

aws-cli/2.28.16

Environment details (OS name and version, etc.)

Ubuntu 24.04
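
One way a wrapper could implement the `--ssh-args` pass-through proposed above, as an added example that is not part of the issue and is not AWS CLI code. The function names, the audit rules, the key path and the `192.0.2.10` destination are all hypothetical; the extra arguments are tokenised with `shlex` into an argv list (no shell involved), and `-o` options that weaken host verification or re-enable CBC ciphers are reported back to the caller.

```python
import re
import shlex

# Constructed audit rules (illustrative, not exhaustive): keyword -> test on its value.
# ssh_config keywords are case-insensitive, so keys are stored lowercased.
RISKY = {
    "stricthostkeychecking": lambda v: v in ("no", "off"),
    "userknownhostsfile": lambda v: v == "/dev/null",
    "ciphers": lambda v: "cbc" in v,
}
_OPT = re.compile(r"\s*(\w+)(?:\s*=\s*|\s+)(.*)")

def ssh_options(argv):
    """Yield (keyword, value) for every -o option: '-o K=V', '-oK=V', '-o "K V"'."""
    i = 0
    while i < len(argv):
        arg, spec = argv[i], None
        if arg == "-o" and i + 1 < len(argv):
            i += 1
            spec = argv[i]
        elif arg.startswith("-o") and len(arg) > 2:
            spec = arg[2:]
        m = _OPT.match(spec) if spec else None
        if m:
            yield m.group(1).lower(), m.group(2).strip()
        i += 1

def audit(argv):
    """Return 'keyword=value' for each option matched by a RISKY rule."""
    return [f"{k}={v}" for k, v in ssh_options(argv)
            if k in RISKY and RISKY[k](v.lower())]

def build_command(base, destination, extra_args, remote_command=()):
    """Return (argv, findings). extra_args is one string, as a --ssh-args value
    would be; it is split into tokens and placed before the destination, so it
    is never interpreted by a shell."""
    extra = shlex.split(extra_args)
    return [*base, *extra, destination, *remote_command], audit(extra)

if __name__ == "__main__":
    # Constructed sample input using options quoted in the issue.
    argv, findings = build_command(
        ["/usr/bin/ssh", "-i", "/tmp/constructed-key"], "ec2-user@192.0.2.10",
        "-vvv -o IdentitiesOnly=yes -o StrictHostKeyChecking=no", ["free"])
    print(argv)
    print("review before running:", findings)
```

The returned list is meant to be handed to `subprocess.run(argv)` without `shell=True`, so characters such as `;` inside an option value stay literal.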

Labels

  • customization: Issues related to CLI customizations (located in /awscli/customizations)
  • ec2-instance-connect
  • feature-request: A feature should be added or improved.
  • p3: This is a minor priority issue
