This describes the setup using a disk-based key store:
- Create two separate SSH keys for "production" and "cloud":
and store them in two separate files (e.g. ~/.ssh/id_wmf_prod and ~/.ssh/id_wmf_cloud)
- Run update-ssh-config. It will patch your ssh config file and start the two SSH agents.
- Before using the SSH keys you need to load them into the SSH agents. Unfortunately
this is a bit hacky, as ssh-add doesn't allow specifying the auth socket via an option, so
it is best to add a small script which does:
- Finally we need to populate the known hosts file. First create the following directory:
We have a script which fetches the known host information; simply run
"wmf-update-known-hosts-production" and it will fetch all host keys via HTTPS from
a central data store (https://config-master.wikimedia.org).
It needs to be re-run whenever new hosts are added; either do it manually when you can't log into
a host, or set up a systemd timer (or cron).
For accessing the bastion for Cloud VPS/Toolforge (restricted.bastion.wmflabs.org),
no similar mechanism exists; you need to manually verify it using:
You should now be able to log in to Cloud VPS and production hosts.
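
For the key-loading step above: ssh-add picks its agent from the SSH_AUTH_SOCK environment variable, so a wrapper can set it per call. The following is an added example, not the script from this repository; the socket paths, the WMF_PROD_SOCK/WMF_CLOUD_SOCK variables and the function names are assumptions. It also refuses to load a key that is already held by the other agent.

```shell
#!/bin/sh
# Added example: load each key into its own agent via a per-call SSH_AUTH_SOCK.
# Socket paths are placeholders (assumption); use the ones update-ssh-config set up.
PROD_SOCK="${WMF_PROD_SOCK:-/path/to/production-agent.socket}"
CLOUD_SOCK="${WMF_CLOUD_SOCK:-/path/to/cloud-agent.socket}"

# key_fingerprint KEYFILE: print the key's fingerprint (e.g. SHA256:...)
key_fingerprint() {
    ssh-keygen -lf "$1" 2>/dev/null | awk '{print $2}'
}

# agent_has_key SOCKET FINGERPRINT: succeed if the agent on SOCKET holds the key
agent_has_key() {
    SSH_AUTH_SOCK="$1" ssh-add -l 2>/dev/null | awk '{print $2}' | grep -qxF "$2"
}

# load_key SOCKET KEYFILE OTHER_SOCKET
# returns 0 if loaded (or already loaded), 2 if the socket is missing,
# 3 if the key is unreadable, 4 if the key sits in the other agent
load_key() {
    sock=$1; key=$2; other=$3
    [ -S "$sock" ] || { echo "no agent socket at $sock" >&2; return 2; }
    [ -r "$key" ] || { echo "cannot read key $key" >&2; return 3; }
    fp=$(key_fingerprint "$key")
    [ -n "$fp" ] || { echo "cannot fingerprint $key" >&2; return 3; }
    # Keep the two trust domains apart: never hold one key in both agents.
    if [ -S "$other" ] && agent_has_key "$other" "$fp"; then
        echo "$key is loaded in the other agent ($other); remove it first" >&2
        return 4
    fi
    agent_has_key "$sock" "$fp" && return 0   # already loaded, no prompt needed
    SSH_AUTH_SOCK="$sock" ssh-add "$key"
}

# load_all: production key into the production agent, cloud key into the cloud agent
load_all() {
    load_key "$PROD_SOCK" "$HOME/.ssh/id_wmf_prod" "$CLOUD_SOCK" &&
    load_key "$CLOUD_SOCK" "$HOME/.ssh/id_wmf_cloud" "$PROD_SOCK"
}
```

Call `load_all` at the end of the script (or from a shell after sourcing it) once both agents are running.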