Have a lot of Droplets? Use do-ssh-alias for easier SSH access

Posted 2020-05-07 in Developer Relations ...
ssh img 1

If you have a lot of Droplets on your account, you probably agree that it's hard to keep track of all of them—especially if you create new ones and destroy them frequently for one-off workloads. A common pain point is having to look up a Droplet's IP address when needing to SSH into it.

I created do-ssh-alias to help address that. Let's look at how it can help.

What is do-ssh-alias?

Let's assume you have a Droplet named shiny-blog. Usually you would look up its IP address and then SSH into it like so:

ssh username@1.2.3.4  

What if, instead, you could simply run the following command?

ssh shiny-blog  

This is where do-ssh-alias comes in. It creates SSH aliases for all your Droplets at once so you can easily SSH in, without having to worry about what user or hostname to use.

It is especially useful if your Droplets' hostnames are FQDNs (e.g. shiny.example.com) that don't point directly to the Droplets' IP addresses. One example is using Cloudflare in front of your website, so your domain name resolves to a Cloudflare server instead of your Droplet.

How do I use it?

do-ssh-alias depends on the programs jq and doctl. The first step is installing jq and installing doctl. Linked are the installation instructions for each program. Once you install doctl, log it in to your DigitalOcean account.

With the dependencies taken care of, let's now install do-ssh-alias. You can either download the script from GitHub or use the command line:

wget https://do.co/do-ssh-alias  

It's always a good idea to review any scripts you download from the internet before executing them.

Once you have the file on your computer, update its permissions to allow it to be executed:

chmod +x do-ssh-alias  

It's now ready to use. To generate aliases for your Droplets, run:

./do-ssh-alias > ~/.ssh/do_aliases

This will run do-ssh-alias and save the results in the file ~/.ssh/do_aliases.

Finally, update your ssh config to actually use the file with the aliases. Open ~/.ssh/config in a text editor and add the following line at the top:

Include do_aliases  

That's it. You can now SSH to your Droplets using their hostnames! Any time you create or remove Droplets, simply run it again to update the configuration.

What else can it do?

do-ssh-alias only generates SSH aliases, but it accepts a few options for some flexibility:

  • -u: Pass your SSH username like -u sammy to automatically use it for all hosts.
  • -i: To ignore certain Droplets and not create aliases for them, pass their hostnames like -i ignored-hostname-1 -i ignored-hostname-2.
  • -s: Pass a suffix with the -s option to generate additional aliases with that suffix stripped. For example, if your Droplet's hostname is shiny.example.com passing -s .example.com will generate an alias for ssh shiny in addition to ssh shiny.example.com.

Below is an example of using all three options.

Show me an example, please!

Let's assume you have the following Droplets on your account:

  • droplet1
  • droplet2.domain.com
  • droplet3.domain.com

Running:

do-ssh-alias -u sammy -i droplet1 -s .domain.com  

will generate aliases for:

  • ssh droplet2.domain.com
  • ssh droplet2
  • ssh droplet3.domain.com
  • ssh droplet3

all using the username sammy to log in. The SSH config will look like so:

Host droplet2.domain.com droplet2  
Hostname Droplet2-IP
User sammy

Host droplet3.domain.com droplet3
Hostname Droplet3-IP
User sammy

Resources

Here are some resources you may find useful:

Note: doctl itself provides similar functionality through the doctl compute ssh command which allows you to SSH into a Droplet using its ID or name. The main difference is that doctl looks up the Droplet's IP address using the DigitalOcean API every time you run it, while do-ssh-alias generates a static config file that ssh reads. You might prefer do-ssh-alias if:

  • you want an SSH config that can be copied to other computers without having to install doctl or store your API token on them; or
  • want to avoid the added latency of doctl's API request.