MQSH - An SSH alternative with MQTT
Skip to the code: https://github.com/franklovecchio/mqsh
I got fed up with the Java implementations of SSH after this StackOverflow ticket went (mostly) unanswered; since I had been playing around with the idea of another (better) way to invoke commands remotely, I settled on using MQtt as the middle-man. In an ideal world, I wouldn’t need to execute direct commands to EC2 instances remotely — I could just just an AWS API call…or something. Oh, well.
Why MQtt and not 0MQ? Aside from v3.1 basic authentication, I like the idea of being able to log, via the broker, any commands sent + what client they were initiated from.* Also, since MQtt has quality of service levels to insure a message was sent and received, it at least ensures the command will be executed on the remote instance. With AWS and their wonderful security group implementation, it’s very easy to only allow commands from specific instances, public IPs, or other security groups — why bother managing keys when there is a friendly API to manage security :) And finally, there’s the idea of parallel-ssh; I frequently use the linked command-line tool for managing multiple instances, and using a broker-layer gives applications the same power by having multiple instances subscribed on the same control topic!
You’ll notice that the code examples on Github are half in Java, and half in Javascript; this is because I originally wrote MQsh as a plugin for node-monitor, my Node.js AWS CloudWatch application for monitoring EC2 instances. Since I’m currently working on a private version of that repo, and most of you won’t have have brokers setup, I figured I’d throw in a middle-man example so the demo is self-contained (mqttjs and mqtt-client are bad-ass). Once the plugin is done, I’ll be able to trigger CloudWatch alarms if a command failed…pretty cool :)
* It would make sense to create CloudWatch alarms based on these events as well.
Since the code examples + demo path on Github are pretty self-explanatory, no “snippets” here!
