Review sshaccess SOP
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
This commit is contained in:
Michal Konečný
parent
d9f401815e
commit
9cecc4a4ae
2 changed files with 21 additions and 30 deletions
|
|
@ -3,11 +3,11 @@
|
|||
== Contents
|
||||
|
||||
[arabic]
|
||||
. Contact Information
|
||||
. Introduction
|
||||
. SSH configuration
|
||||
. SSH Agent forwarding
|
||||
. Troubleshooting
|
||||
* <<_contact_information>>
|
||||
* <<_introduction>>
|
||||
* <<_ssh_configuration>>
|
||||
* <<_ssh_agent_forwarding>>
|
||||
* <<_troubleshooting>>
|
||||
|
||||
== Contact Information
|
||||
|
||||
|
|
@ -25,7 +25,7 @@ Purpose::
|
|||
== Introduction
|
||||
|
||||
This page will contain some useful instructions about how you can safely
|
||||
login into Fedora PHX2 machines successfully using a public key
|
||||
login into Fedora IAD2 machines successfully using a public key
|
||||
authentication. As of 2011-05-27, all machines require a SSH key to
|
||||
access. Password authentication will no longer work. Note that this SOP
|
||||
has nothing to do with actually gaining access to specific machines. For
|
||||
|
|
@ -42,7 +42,6 @@ vi ~/.ssh/config
|
|||
....
|
||||
|
||||
[NOTE]
|
||||
.Note
|
||||
====
|
||||
This file, and any keys, need to be chmod 600, or you will get a "Bad
|
||||
owner or permissions" error. The .ssh directory must be mode 700.
|
||||
|
|
@ -94,7 +93,7 @@ server:
|
|||
You can configure Putty the same way by doing this:
|
||||
|
||||
[arabic, start=0]
|
||||
. In the session section type batcave01.fedoraproject.org port 22
|
||||
. In the session section type _batcave01.fedoraproject.org_ port 22
|
||||
. In Connection:Data enter your FAS_USERNAME
|
||||
. In Connection:Proxy add the proxy settings
|
||||
|
||||
|
|
@ -102,7 +101,7 @@ ____
|
|||
* ProxyHostname is bastion-iad01.fedoraproject.org
|
||||
* Port 22
|
||||
* Username FAS_USERNAME
|
||||
* Proxy Command plink %user@%proxyhost %host:%port
|
||||
* Proxy Command `plink %user@%proxyhost %host:%port`
|
||||
____
|
||||
|
||||
[arabic, start=3]
|
||||
|
|
@ -136,27 +135,19 @@ bastion was unable to connect to the host. This most likely means that
|
|||
tried to SSH to a nonexistent machine. You can debug this by trying to
|
||||
connect to that machine from bastion.
|
||||
____
|
||||
* {blank}
|
||||
* if your local username is different from the one registered in FAS,
|
||||
please remember to set up a User variable (like above) where you
|
||||
specify your FAS username. If that's missing SSH will try to login by
|
||||
using your local username, thus it will fail.
|
||||
* `ssh -vv` is very handy for debugging what sections are matching and
|
||||
what are not.
|
||||
* If you get access denied several times in a row, please consult with
|
||||
#fedora-admin. If you try too many times with an invalid config your
|
||||
IP could be added to denyhosts.
|
||||
* If you are running an OpenSSH version less than 5.4, then the -W
|
||||
option is not available. In that case, use the following ProxyCommand
|
||||
line instead:
|
||||
+
|
||||
if your local username is different from the one registered in FAS,::
|
||||
please remember to set up a User variable (like above) where you
|
||||
specify your FAS username. If that's missing SSH will try to login by
|
||||
using your local username, thus it will fail.
|
||||
* {blank}
|
||||
+
|
||||
ssh -vv is very handy for debugging what sections are matching and::
|
||||
what are not.
|
||||
* {blank}
|
||||
+
|
||||
If you get access denied several times in a row, please consult with::
|
||||
#fedora-admin. If you try too many times with an invalid config your
|
||||
IP could be added to denyhosts.
|
||||
* {blank}
|
||||
+
|
||||
If you are running an OpenSSH version less than 5.4, then the -W::
|
||||
option is not available. In that case, use the following ProxyCommand
|
||||
line instead:
|
||||
+
|
||||
....
|
||||
ProxyCommand ssh -q bastion.fedoraproject.org exec nc %h %p
|
||||
....
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue