166 lines
4.5 KiB
Markdown
166 lines
4.5 KiB
Markdown
# SSH Manager
|
|
|
|
SSH Manager is a small PowerShell tool that opens an interactive menu with predefined servers and connects to the selected host through `ssh.exe`.
|
|
|
|
This version uses mocked server names and safe example domains. It is intended for portfolio, documentation, and internal-tooling demonstrations without exposing real company infrastructure.
|
|
|
|
## Purpose
|
|
|
|
The script helps operations and DevOps teams avoid typing long SSH commands repeatedly. It groups servers by environment, displays a clean numbered menu, and launches the SSH connection for the selected host.
|
|
|
|
## Features
|
|
|
|
- Environment menu ordered as `DEV`, `QAS`, `PRD`.
|
|
- Server menu sorted alphabetically by a short server name.
|
|
- Zero-padded numbering such as `01`, `02`, `03`.
|
|
- Aligned server-name column for easier reading.
|
|
- Support for standard SSH username/password flows.
|
|
- Optional SSH user prompt when `-SshUser` is not provided.
|
|
- Support for private key authentication.
|
|
- Support for OpenSSH certificate authentication.
|
|
- Certificate discovery from a file path or from a directory.
|
|
- Mocked hostnames that can be replaced with real internal hosts.
|
|
|
|
## Requirements
|
|
|
|
- Windows PowerShell or PowerShell 7.
|
|
- OpenSSH Client installed on Windows.
|
|
|
|
Check if SSH is available:
|
|
|
|
```powershell
|
|
ssh.exe -V
|
|
```
|
|
|
|
If it is missing, enable **OpenSSH Client** in Windows Optional Features.
|
|
|
|
## Basic Usage
|
|
|
|
Run the script:
|
|
|
|
```powershell
|
|
.\ssh-manager.ps1
|
|
```
|
|
|
|
Run with a custom SSH user:
|
|
|
|
```powershell
|
|
.\ssh-manager.ps1 -SshUser devops
|
|
```
|
|
|
|
If `-SshUser` is not provided, the script asks for the SSH username after a server is selected:
|
|
|
|
```powershell
|
|
.\ssh-manager.ps1
|
|
```
|
|
|
|
## Using a Private Key
|
|
|
|
Use the `-IdentityFile` option to connect with a private key:
|
|
|
|
```powershell
|
|
.\ssh-manager.ps1 -SshUser devops -IdentityFile C:\Users\paulo\.ssh\id_ed25519
|
|
```
|
|
|
|
The script passes the file to SSH using:
|
|
|
|
```powershell
|
|
ssh.exe -i <identity-file>
|
|
```
|
|
|
|
## Using an OpenSSH Certificate
|
|
|
|
If your environment uses OpenSSH user certificates, provide both the private key and the certificate file:
|
|
|
|
```powershell
|
|
.\ssh-manager.ps1 `
|
|
-SshUser devops `
|
|
-IdentityFile C:\Users\paulo\.ssh\id_ed25519 `
|
|
-CertificateFile C:\Users\paulo\.ssh\id_ed25519-cert.pub
|
|
```
|
|
|
|
The script passes the certificate to SSH using:
|
|
|
|
```powershell
|
|
ssh.exe -o CertificateFile=<certificate-file>
|
|
```
|
|
|
|
You can also pass a directory. In that case, the script searches for the first file matching one of these endings:
|
|
|
|
- `-cert.pub`
|
|
- `.pem`
|
|
- `.crt`
|
|
- `.cer`
|
|
|
|
Example:
|
|
|
|
```powershell
|
|
.\ssh-manager.ps1 `
|
|
-SshUser devops `
|
|
-IdentityFile C:\Users\paulo\.ssh\id_ed25519 `
|
|
-CertificateFile C:\Users\paulo\.ssh\certificates
|
|
```
|
|
|
|
Each server can also define its own `CertificatePath`. When `-CertificateFile` is not provided, the script tries to resolve a certificate from the selected server's `CertificatePath`.
|
|
|
|
## Customizing Servers
|
|
|
|
Edit the `$servers` array in `ssh-manager.ps1`.
|
|
|
|
Each server uses this format:
|
|
|
|
```powershell
|
|
@{
|
|
Environment = "PROD"
|
|
Name = "Production - arlapi-prd-01.example.com"
|
|
Domain = "api-prd-01.example.com"
|
|
Host = "203.0.113.31"
|
|
Hostname = "arlapi-prd-01"
|
|
CertificatePath = ".\certificates"
|
|
Port = 22
|
|
}
|
|
```
|
|
|
|
The menu uses:
|
|
|
|
- `Environment` to group servers.
|
|
- `Name` to show a human-friendly label.
|
|
- `Domain` as a readable DNS label in the menu.
|
|
- `Host` as the SSH target. It can be a DNS name or an IP address.
|
|
- `Hostname` to build the short aligned server-name column.
|
|
- `CertificatePath` as an optional per-server certificate file or certificate directory.
|
|
- `Port` as the SSH port.
|
|
|
|
## Short Server Name Column
|
|
|
|
The script creates a short server name for display by removing:
|
|
|
|
- The `arl` prefix.
|
|
- The `.corp.cat.com` suffix.
|
|
- The `.ecorp.cat.com` suffix.
|
|
- The `.lrd.cat.com` suffix.
|
|
- The `.example.com` suffix used by this mocked version.
|
|
|
|
The short-name column is padded to the width of the longest name in the selected environment, keeping the menu aligned.
|
|
|
|
## Execution Policy
|
|
|
|
If PowerShell blocks script execution, run PowerShell as Administrator and use:
|
|
|
|
```powershell
|
|
Set-ExecutionPolicy RemoteSigned -Scope LocalMachine
|
|
```
|
|
|
|
Or allow scripts only for the current user:
|
|
|
|
```powershell
|
|
Set-ExecutionPolicy RemoteSigned -Scope CurrentUser
|
|
```
|
|
|
|
## Security Notes
|
|
|
|
- Do not store private keys, passwords, tokens, or real host inventories in public repositories.
|
|
- Prefer SSH keys or OpenSSH certificates over password-based access.
|
|
- Keep real server lists in private repositories or secure configuration stores.
|
|
- Review SSH certificate validity and rotation policies before automating access.
|