gerrit.wikimedia.org
Gitiles
Code ReviewSign In
gerrit.wikimedia.org / operations / debs / wmf-sre-laptop / 628ef5b2ff7e01c4af3e598f8738b90ad6220813^! / .
commit628ef5b2ff7e01c4af3e598f8738b90ad6220813[log] [tgz]
authorStephen Shirley <sshirley@wikimedia.org>Tue Apr 14 16:14:44 2020 +0200
committerStephen Shirley <sshirley@wikimedia.org>Tue Apr 14 17:12:07 2020 +0200
treec16b67f3c650b3c44a9e71dc23a3e0a17199cd9c
parent147594661204e5cd18f2b30ab441d8e921f9412d [diff]
Simplify manual ssh host key checking Also: - Add 'Port 29418' to gerrit.wikipedia.org ssh_config entry, to simplify usage for users. - Add .gitreview config for gerrit Change-Id: I8972112d2ec75922c0f653d14b4e0f63151c8066
diff --git a/.gitreview b/.gitreview new file mode 100644 index 0000000..c329815 --- /dev/null +++ b/.gitreview
@@ -0,0 +1,5 @@ +[gerrit]​+host=gerrit.wikimedia.org​+port=29418​+project=operations/debs/wmf-sre-laptop.git​+defaultbranch=master
diff --git a/configs/ssh-client-config b/configs/ssh-client-config index 22311e2..6302ead 100644 --- a/configs/ssh-client-config +++ b/configs/ssh-client-config
@@ -64,6 +64,7 @@ # See https://wikitech.wikimedia.org/wiki/Managing_multiple_SSH_agents#Using_multiple_agents_via_systemd for setting up multiple agents using systemd Host gerrit.wikimedia.org User USERNAME+ Port 29418 StrictHostKeyChecking yes ProxyCommand none IdentitiesOnly yes
diff --git a/docs/SETUP.git b/docs/SETUP.git index b227d96..82e0353 100644 --- a/docs/SETUP.git +++ b/docs/SETUP.git
@@ -6,11 +6,9 @@ - git and git-review have been installed as dependencies of the wmf-sre-laptop package -- We need to once accept the SSH host key for the SSH service provided by Gerrit. Temporarily- disable SSH host checking by uncommenting "StrictHostKeyChecking" in the ~/.ssh/config Host- definition for "Host gerrit.wikimedia.org" and log into+- We need to once accept the SSH host key for the SSH service provided by Gerrit. - ssh gerrit.wikimedia.org -p 29418+ ssh -o StrictHostKeyChecking=ask gerrit.wikimedia.org and compare the presented host fingerprint against https://wikitech.wikimedia.org/wiki/Help:SSH_Fingerprints/gerrit.wikimedia.org:29418
diff --git a/docs/SETUP.ssh b/docs/SETUP.ssh index 84eeae5..7770d31 100644 --- a/docs/SETUP.ssh +++ b/docs/SETUP.ssh
@@ -33,16 +33,16 @@ mkdir ~/.ssh/known_hosts.d We have a script which needs the known host information from bast2002.wikimedia.org. To initially- seed the data, you need to temporarily disable SSH host checking by uncommenting "StrictHostKeyChecking"- in the ~/.ssh/config Host definition for the bastions and the *wikimedia.org host group.+ seed the data, you need to temporarily disable SSH host checking. - Then SSH into bast2002.wikimedia.org and compare the presented host fingerprint against- https://wikitech.wikimedia.org/wiki/Help:SSH_Fingerprints/bast2002.wikimedia.org​+ ssh -o StrictHostKeyChecking=ask bast2002.wikimedia.org+ Compare the presented host fingerprint against+ https://wikitech.wikimedia.org/wiki/Help:SSH_Fingerprints/bast2002.wikimedia.org. If it matches,+ then type 'yes'. Then the same for restricted.bastion.wmflabs.org https://wikitech.wikimedia.org/wiki/Help:SSH_Fingerprints/restricted.bastion.wmflabs.org - Enable strict host key checking again by removing uncommenting it in the config again. Then run "wmf-update-known-hosts-production", it will fetch all host keys from bast2002. It needs to re-run whenever new hosts are added, either do it manually when you can't log into a host or setup a systemd timer (or cron).
Powered by Gitiles
txt
json