operations / debs / wmf-sre-laptop
commit 6da3349397359b932da662d45f3698f4cf0a41e5
author Moritz Mühlenhoff <> Wed Feb 24 10:57:10 2021 +0100
committer Muehlenhoff <> Wed Feb 24 09:59:04 2021 +0000
parent 221df3d340ef11b19db310775bb19e037fa87294
Update SSH docs after change to pull known hosts from config-master

Change-Id: I69a444b4ecb3cad07b5c862caf8ca4d566245b2c
diff --git a/docs/wmf-laptop-sre/SETUP.ssh b/docs/wmf-laptop-sre/SETUP.ssh index 66c4f2d..479473c 100644 --- a/docs/wmf-laptop-sre/SETUP.ssh +++ b/docs/wmf-laptop-sre/SETUP.ssh
@@ -9,7 +9,7 @@ and store them in two separate files (e.g. ~/.ssh/id_wmf_prod and ~/.ssh/id_wmf_cloud) - Run update-ssh-config. It will patch your ssh config file, and start the two SSH agent -services via systemd.+ services via systemd. - Before using the SSH keys you need to load the keys into the SSH agents, unfortunately it's a bit hacky as ssh-add doesn't allow to specify the auth socket via an option, so@@ -24,19 +24,16 @@ mkdir ~/.ssh/known_hosts.d - We have a script which needs the known host information from To initially- seed the data, you need to temporarily disable SSH host checking.+ We have a script which fetches the known host information, simply run+ "wmf-update-known-hosts-production", it will fetch all host keys via HTTPS from+ a central data store ( - ssh -o StrictHostKeyChecking=ask Compare the presented host fingerprint against- If it matches,- then type 'yes'.-- Then the same for​-​-​- Then run "wmf-update-known-hosts-production", it will fetch all host keys from bast2002. It needs to re-run whenever new hosts are added, either do it manually when you can't log into a host or setup a systemd timer (or cron). + For accessing the bastion for Cloud VPS/Toolforge (,​+ no similar mechanism exists, you need to manually verify it using:++​+ You should now be able to login into Cloud VPS and production hosts.
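Review bot: In the second hunk, the new "wmf-update-known-hosts-production" paragraph drops the manual fingerprint comparison in favour of a fetch "via HTTPS from a central data store", so trust in every production host key now rests on TLS certificate validation of that one fetch, and the text should say so explicitly. I would add a sentence stating that the script must be run with certificate verification intact, and that a failed fetch should leave the existing files under ~/.ssh/known_hosts.d untouched. The retained sentence "It needs to re-run whenever new hosts are added" would also benefit from saying that an unknown-host prompt for a production host is the cue to re-run the script, not to accept the key by hand. For the Cloud VPS/Toolforge paragraph, "no similar mechanism exists, you need to manually verify it using:" is a comma splice and reads better as two sentences. Minor wording in the surrounding lines: "setup a systemd timer" should be "set up a systemd timer" and "login into" should be "log in to".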