From ed1b5ff7a9528d91327d08b49037a0908ba49d8a Mon Sep 17 00:00:00 2001 From: Paulo Nonato Date: Sun, 19 Apr 2026 11:10:03 -0300 Subject: [PATCH] Add SSH Manager/README.md --- SSH Manager/README.md | 165 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 165 insertions(+) create mode 100644 SSH Manager/README.md diff --git a/SSH Manager/README.md b/SSH Manager/README.md new file mode 100644 index 0000000..3e0c7a8 --- /dev/null +++ b/SSH Manager/README.md @@ -0,0 +1,165 @@ +# SSH Manager + +SSH Manager is a small PowerShell tool that opens an interactive menu with predefined servers and connects to the selected host through `ssh.exe`. + +This version uses mocked server names and safe example domains. It is intended for portfolio, documentation, and internal-tooling demonstrations without exposing real company infrastructure. + +## Purpose + +The script helps operations and DevOps teams avoid typing long SSH commands repeatedly. It groups servers by environment, displays a clean numbered menu, and launches the SSH connection for the selected host. + +## Features + +- Environment menu ordered as `DEV`, `QAS`, `PRD`. +- Server menu sorted alphabetically by a short server name. +- Zero-padded numbering such as `01`, `02`, `03`. +- Aligned server-name column for easier reading. +- Support for standard SSH username/password flows. +- Optional SSH user prompt when `-SshUser` is not provided. +- Support for private key authentication. +- Support for OpenSSH certificate authentication. +- Certificate discovery from a file path or from a directory. +- Mocked hostnames that can be replaced with real internal hosts. + +## Requirements + +- Windows PowerShell or PowerShell 7. +- OpenSSH Client installed on Windows. + +Check if SSH is available: + +```powershell +ssh.exe -V +``` + +If it is missing, enable **OpenSSH Client** in Windows Optional Features. + +## Basic Usage + +Run the script: + +```powershell +.\ssh-manager.ps1 +``` + +Run with a custom SSH user: + +```powershell +.\ssh-manager.ps1 -SshUser devops +``` + +If `-SshUser` is not provided, the script asks for the SSH username after a server is selected: + +```powershell +.\ssh-manager.ps1 +``` + +## Using a Private Key + +Use the `-IdentityFile` option to connect with a private key: + +```powershell +.\ssh-manager.ps1 -SshUser devops -IdentityFile C:\Users\paulo\.ssh\id_ed25519 +``` + +The script passes the file to SSH using: + +```powershell +ssh.exe -i +``` + +## Using an OpenSSH Certificate + +If your environment uses OpenSSH user certificates, provide both the private key and the certificate file: + +```powershell +.\ssh-manager.ps1 ` + -SshUser devops ` + -IdentityFile C:\Users\paulo\.ssh\id_ed25519 ` + -CertificateFile C:\Users\paulo\.ssh\id_ed25519-cert.pub +``` + +The script passes the certificate to SSH using: + +```powershell +ssh.exe -o CertificateFile= +``` + +You can also pass a directory. In that case, the script searches for the first file matching one of these endings: + +- `-cert.pub` +- `.pem` +- `.crt` +- `.cer` + +Example: + +```powershell +.\ssh-manager.ps1 ` + -SshUser devops ` + -IdentityFile C:\Users\paulo\.ssh\id_ed25519 ` + -CertificateFile C:\Users\paulo\.ssh\certificates +``` + +Each server can also define its own `CertificatePath`. When `-CertificateFile` is not provided, the script tries to resolve a certificate from the selected server's `CertificatePath`. + +## Customizing Servers + +Edit the `$servers` array in `ssh-manager.ps1`. + +Each server uses this format: + +```powershell +@{ + Environment = "PROD" + Name = "Production - arlapi-prd-01.example.com" + Domain = "api-prd-01.example.com" + Host = "203.0.113.31" + Hostname = "arlapi-prd-01" + CertificatePath = ".\certificates" + Port = 22 +} +``` + +The menu uses: + +- `Environment` to group servers. +- `Name` to show a human-friendly label. +- `Domain` as a readable DNS label in the menu. +- `Host` as the SSH target. It can be a DNS name or an IP address. +- `Hostname` to build the short aligned server-name column. +- `CertificatePath` as an optional per-server certificate file or certificate directory. +- `Port` as the SSH port. + +## Short Server Name Column + +The script creates a short server name for display by removing: + +- The `arl` prefix. +- The `.corp.cat.com` suffix. +- The `.ecorp.cat.com` suffix. +- The `.lrd.cat.com` suffix. +- The `.example.com` suffix used by this mocked version. + +The short-name column is padded to the width of the longest name in the selected environment, keeping the menu aligned. + +## Execution Policy + +If PowerShell blocks script execution, run PowerShell as Administrator and use: + +```powershell +Set-ExecutionPolicy RemoteSigned -Scope LocalMachine +``` + +Or allow scripts only for the current user: + +```powershell +Set-ExecutionPolicy RemoteSigned -Scope CurrentUser +``` + +## Security Notes + +- Do not store private keys, passwords, tokens, or real host inventories in public repositories. +- Prefer SSH keys or OpenSSH certificates over password-based access. +- Keep real server lists in private repositories or secure configuration stores. +- Review SSH certificate validity and rotation policies before automating access.