SSH Access Infrastructure SOP
Contact: #fedora-admin or firstname.lastname@example.org
Location: All fedora machines
Servers: All fedora machines
Purpose: Access via ssh to Fedora project machines.
This page will contain some useful instructions about how you can safely login into Fedora internal machines successfully using a PubAuthKey authentication. As of 2011-05-27, all machines require a SSH key to access. Password authentication will no longer work. Note that this SOP has nothing to do with actually gaining access to specific machines. For that you MUST be in the correct group for shell access to that machine. This SOP simply describes the process once you do have valid and appropriate shell access to a machine.
Steps to reproduce
First of all: (on your local machine)
cd /home/user/.ssh touch config && nano config
Note: You'll need to create an entry for every internal machine you plan to log in to, or create wildcard entries.
Note2: This example is valid only if you are trying to login into puppet01 to commit your changes to Infrastructure's Puppet tree. (see Note1)
then, edit it as it follows:
Host puppet01 puppet1 puppet01.fedoraproject.org Hostname %h (or if it doesn't resolve, go ahead to the troubleshooting section) User FASUID (you don't need this if your local UID and your FAS one correspond) ProxyCommand ssh -q FASUID@bastion.fedoraproject.org /usr/bin/nc %h 22
- 'nc: getaddrinfo: Name or service not known', replace Hostname %h with Hostname 10.5.126.23 (this is puppet's IP, so it will be different by machine to machine)
- if your local UID is different from the one registered in FAS, please remember to set up a User variable (like above) where you specify your FAS UID. If that's missing SSH will try to login by using your local UID, thus it will fail.