SSH Config ProxyCommand Tricks

Working in security/operations in the tech industry, I use SSH a lot. To various different machines (some with hostnames, some without), using various different users and keys, and often (as was the case in my previous post) via a bastion host. Over the years, I’ve collected a number of SSH tricks that make my life easier.


Clock drift in Docker containers

I was working on a docker container which uses the aws cli to mess around with some autoscaling groups when I got a somewhat strange error:

A client error (SignatureDoesNotMatch) occurred when calling the DescribeAutoScalingGroups operation: Signature not yet current: 20171115T012426Z is still later than 20171115T012420Z (20171115T011920Z + 5 min.)

Hmm.

Are the clocks off?


Performance problems with Flask and Docker

I had an interesting problem recently on a project I was working on. It’s a simple Flask-based webapp, designed to be deployed to AWS using Docker. The application worked just fine when I was running it locally, but as soon as I pushed the docker container…

Latency spikes. Bad enough that the application was failing AWS’s healthy host checks, cycling in and out of existence1:


Parsing AWS instance data with jq

Semi-random amusing code snippet of the day:

aws ec2 describe-instances | jq << EOF
    .[][].Instances[]
    | select(.Tags[]?.Value == "production")
    | .PrivateIpAddress
EOF