Update SSH docs after change to pull known hosts from config-master
Change-Id: I69a444b4ecb3cad07b5c862caf8ca4d566245b2c
diff --git a/docs/wmf-laptop-sre/SETUP.ssh b/docs/wmf-laptop-sre/SETUP.ssh
index 66c4f2d..479473c 100644
--- a/docs/wmf-laptop-sre/SETUP.ssh
+++ b/docs/wmf-laptop-sre/SETUP.ssh
@@ -9,7 +9,7 @@
and store them in two separate files (e.g. ~/.ssh/id_wmf_prod and ~/.ssh/id_wmf_cloud)
- Run update-ssh-config. It will patch your ssh config file, and start the two SSH agent
-services via systemd.
+ services via systemd.
- Before using the SSH keys you need to load the keys into the SSH agents, unfortunately
it's a bit hacky as ssh-add doesn't allow to specify the auth socket via an option, so
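Review bot: the only change in this hunk is the leading space added before "services via systemd.", which is a whitespace cleanup unrelated to the known-hosts change named in the commit subject. Either mention it in the commit message or move it to its own change, and check that the new indentation matches the other continuation lines in this list.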
@@ -24,19 +24,16 @@
mkdir ~/.ssh/known_hosts.d
- We have a script which needs the known host information from bast2002.wikimedia.org. To initially
- seed the data, you need to temporarily disable SSH host checking.
+ We have a script which fetches the known host information, simply run
+ "wmf-update-known-hosts-production", it will fetch all host keys via HTTPS from
+ a central data store (https://config-master.wikimedia.org).
- ssh -o StrictHostKeyChecking=ask bast2002.wikimedia.org
- Compare the presented host fingerprint against
- https://wikitech.wikimedia.org/wiki/Help:SSH_Fingerprints/bast2002.wikimedia.org. If it matches,
- then type 'yes'.
-
- Then the same for restricted.bastion.wmflabs.org
- https://wikitech.wikimedia.org/wiki/Help:SSH_Fingerprints/restricted.bastion.wmflabs.org
-
- Then run "wmf-update-known-hosts-production", it will fetch all host keys from bast2002.
It needs to re-run whenever new hosts are added, either do it manually when you can't log into
a host or setup a systemd timer (or cron).
+ For accessing the bastion for Cloud VPS/Toolforge (restricted.bastion.wmflabs.org),
+ no similar mechanism exists, you need to manually verify it using:
+
+ https://wikitech.wikimedia.org/wiki/Help:SSH_Fingerprints/restricted.bastion.wmflabs.org
+
You should now be able to login into Cloud VPS and production hosts.
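Review bot: the added paragraph for restricted.bastion.wmflabs.org says "you need to manually verify it using:" and then gives only the fingerprint URL, while the removed lines were the ones that explained how to verify (connect with "ssh -o StrictHostKeyChecking=ask ...", compare the presented fingerprint against the wiki page, type 'yes' only if it matches). Suggest keeping an equivalent connect-and-compare step for the Cloud bastion so the reader knows what to check against that page and when. Separately, the new production text says the keys are fetched "via HTTPS from a central data store", so trust in those host keys now rests on the TLS certificate check for config-master.wikimedia.org instead of a manual fingerprint comparison; one sentence stating that would document why the bast2002 step could be dropped. Minor style point: "no similar mechanism exists, you need to" reads better as two sentences.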