Infrastructure/infra-docs-fpo
1
0
Fork 0
Code Issues 100 Pull requests 6 Projects Releases Packages Wiki Activity Actions
466 commits 1 branch 0 tags 4.5 MiB
Commit graph

11 commits

Author SHA1 Message Date
Kevin Fenzi
67637180b7 sshaccess: drop VerifyHostKeyDNS 
This is nice and all, but unless you have dnssec enabled, it
could be you get redirected to a attacker host.
We also no longer mention sshfp anywhere here, so makes sense to just
drop it.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2025-02-19 19:15:35 +00:00
khalid
f246980806 added additional step to enter public key in FAS profile 2024-11-17 23:50:43 +03:00
Paul Maconi
0a9b6ad6ba Update batcave01 fqdn in modules/sysadmin_guide/pages/sshaccess.adoc 
Found a reference to batcave01.fedoraproject.org, which does not resolve. Immediately below it is a reference to batcave01.iad2.fedoraproject.org, which did resolve and allowed an SSH connection. Updated the first reference.
 2024-05-03 21:13:36 +00:00
Kevin Fenzi
a7befa86e9 sshaccess: some improvements 
ProxyJump is better than ProxyCommand because the ssh connection is
completely encrypted to the bastion host.

Also mention that you can use ssh keys with FIDO tokens if you are only
connecting to Fedora and RHEL9+ hosts.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2024-01-18 13:12:30 -08:00
Michal Konecny
e1d2e9149d Add VerifyHostKeyDNS parameter to SSH configuration 
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2023-11-22 16:48:16 +01:00
Michal Konecny
56ebedb987 Fix build errors and warnings 
This commit fixes all current errors and warnings shown by antora during
documentation build.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
 2023-09-05 16:08:43 +02:00
Dusty Mabe
5b7e5834a9
sshaccess: provide separate config for batcave01 
This has the benefit of making `ssh user@batcave01` get resolved
to batcave01.iad2.fedoraproject.org which will make the known_hosts
@cert-authority *.iad2.fedoraproject.org configuration apply.
 2023-07-28 12:28:30 -04:00
Dusty Mabe
eca2f0961f
sshaccess: add 10.3.171.* to Host list for ProxyCommand config 
I happen to have a server behind the 10.3.171.* range. I'm hoping
we can add it to this line so I don't have to carry custom config
for it.
 2023-07-28 12:21:33 -04:00
Kevin Fenzi
d5a4761208 modernize sshaccess 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-03-31 11:10:59 -07:00
Michal Konečný
9cecc4a4ae Review sshaccess SOP 
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
 2021-09-10 15:06:06 +02:00
Adam Saleh
a0301e30f1 Added the infra SOPs ported to asciidoc. 2021-07-26 10:39:47 +02:00