SSH to AWS EC2 with Key File #15

Closed
arnoldtonderaimarunda opened this issue Feb 14, 2018 · 2 comments

@arnoldtonderaimarunda

I was connecting to a virtual server on Namecheap via SSH as follows:

gateway = Net::SSH::Gateway.new(host, username,
  password: "xxxxxxxx",
  port: "21098",
  )

We have now migrated to AWS EC2 and connect to the instance using a key file *.pem. How do I use this gem with the key file to create an SSH tunnel?

Your assistance is greatly appreciated. Many thanks.

@jonn

jonn commented Mar 9, 2018

Digging around online I found that you can specify "keys" as part of the options after host, username.

Net::SSH::Gateway.new(remote_host, remote_user, keys: ['/path/to/key.pem'])

@Genkilabs

For those on Rails, you can use the param :key_data to put a string directly in the gateway. This means you can store your PK in the encrypted rails credentials system.

key = Rails.application.credentials.dig(:aws, :staging, :rsa_key)
gateway = Net::SSH::Gateway.new('my-ec2-endpoint', 'ec2-user', :key_data => [key], :keepalive => true)
my_new_port = gateway.open('my-serverless-aurora-db.12345.us-east-1.rds.amazonaws.com', 5432)

In the above example, this will create a port to connect ActiveRecord to a serverless PostgreSQL Aurora DB, but tunneling through a generic (unmodified) AWS Linux 2 AMI.
After that you can connect as normal on your local IP:

url: postgres://db_user:db_password@127.0.0.1:<%= my_new_port %>/database_name

The only caveat here is that if you store the PK as a string, it needs to include the \n character as appropriate, i.e. your credentials should look like this when you do > rails credentials:show

aws:
  staging:
    rsa_key: "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAnIf4....

For your own reference, you can find the full list of params in Net::SSH.start https://www.rubydoc.info/github/net-ssh/net-ssh/Net/SSH#start-class_method

...perhaps consider adding this solution in a project wiki until a better one comes along?
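
The \n caveat above, as an added example that is not part of the thread or the gem: it rebuilds a PEM key whose line breaks were stored as a literal backslash-n or flattened to spaces, checks that it parses before any connection is attempted, and returns options for `Net::SSH::Gateway.new`. The helper names `normalize_pem` and `gateway_options` are hypothetical; `keys_only: true` (a Net::SSH.start option) is added so only the supplied key is offered instead of agent or default identities.

```ruby
require 'openssl'

PEM_RE = /\A(-----BEGIN [A-Z0-9 ]+-----)(.*?)(-----END [A-Z0-9 ]+-----)\s*\z/m

# Rebuild a PEM private key whose line breaks were stored as a literal
# backslash-n or flattened to spaces (e.g. by a one-line credentials entry).
def normalize_pem(raw)
  pem = raw.to_s.strip.gsub('\r\n', "\n").gsub('\n', "\n")
  m = PEM_RE.match(pem)
  raise ArgumentError, 'no PEM BEGIN/END markers found' unless m
  head, body, tail = m.captures
  # Encrypted keys carry "Proc-Type:"/"DEK-Info:" lines that re-wrapping would break.
  raise ArgumentError, 'encrypted PEM is not handled here' if body.include?(':')
  wrapped = body.gsub(/\s+/, '').scan(/.{1,64}/).join("\n")
  "#{head}\n#{wrapped}\n#{tail}\n"
end

# Options for Net::SSH::Gateway.new, built only after the key parses.
def gateway_options(raw_key)
  pem = normalize_pem(raw_key)
  begin
    OpenSSL::PKey.read(pem)
  rescue OpenSSL::PKey::PKeyError, ArgumentError => e
    # Report the error class only, so key material never reaches logs.
    raise ArgumentError, "private key is not valid PEM (#{e.class})"
  end
  { key_data: [pem], keys_only: true, keepalive: true }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: a throwaway key generated here, then flattened the
  # way a one-line credentials entry would store it.
  stored = OpenSSL::PKey::RSA.new(2048).to_pem.lines.map(&:chomp).join('\n')
  opts = gateway_options(stored)
  puts "key_data ready: #{opts[:key_data].first.lines.size} PEM lines"
  # With the gem loaded (host and user are placeholders):
  #   Net::SSH::Gateway.new('my-ec2-endpoint', 'ec2-user', opts)
end
```
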
