Enable easy ssh key revocation #694
r? @edunham cc @larsbergstrom @Manishearth @metajack

Obviously, whoever deploys this should be careful and make sure to have an open SSH session (preferably with tmux or screen running) to avoid locking ourselves out.
make sure to su - servo to simulate the space,
and check the Buildbot config for any required environment variables.

### SSH key revocation and rotation
aneeshusa
Jun 7, 2017
Author
Member
Please take a look at these instructions in particular and let me know if they seem reasonable!
LGTM. I'm not entirely clear on how to use the salt testing dir though, got links to more docs (or expand on it inline)?
Fully manage the `.ssh/authorized_keys` file for root, so that keys removed from Salt are also removed from the file. Note that the AWS (Linux) machines are configured to have two additional keys in the root `authorized_keys` file, namely `servo-aws` and `servo-aws-reserved-instances`, but when used these keys will tell the user to log in as ubuntu, so they don't provide real access. Remove these keys as they are not useful. Add documentation about gaining SSH access and revoking/rotating keys.
a58ab8e to 4519591
It's explained in the
@bors-servo r+

Thanks for the fix and the excellent docs! They look clear, accurate, and reasonable to me.
Enable easy ssh key revocation

Fully manage the `.ssh/authorized_keys` file for root, so that keys removed from Salt are also removed from the file. Note that the AWS (Linux) machines are configured to have two additional keys in the root `authorized_keys` file, namely `servo-aws` and `servo-aws-reserved-instances`, but when used these keys will tell the user to log in as ubuntu, so they don't provide real access. Remove these keys as they are not useful. Add documentation about gaining SSH access and revoking/rotating keys.

Fixes #693.
aneeshusa commented Jun 7, 2017 • edited by larsbergstrom

Fully manage the `.ssh/authorized_keys` file for root,
so that keys removed from Salt are also removed from the file.

Note that the AWS (Linux) machines are configured to have two
additional keys in the root `authorized_keys` file,
namely `servo-aws` and `servo-aws-reserved-instances`,
but when used these keys will tell the user to log in as ubuntu,
so they don't provide real access.
Remove these keys as they are not useful.

Add documentation about gaining SSH access and revoking/rotating keys.

Fixes #693.
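What "fully managing" root's `authorized_keys` means in practice, as an added example (not code from this pull request or from servo/saltfs): a Python audit that parses a file and lists every key that is absent from the managed set, including entries that carry a forced command. The sample file, the key blobs, the `alice`/`bob` comments and the forced-command text are constructed assumptions; only the `servo-aws` comment comes from the description above.

```python
# Added example: list authorized_keys entries that are not in the managed key set.
KEY_TYPES = ("ssh-", "ecdsa-sha2-", "sk-")  # prefixes of public key type names

def split_options(line):
    """Split a key line into (options, rest); options may contain quoted spaces."""
    if line.startswith(KEY_TYPES):
        return "", line                      # no options field on this line
    in_quotes, i = False, 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and in_quotes:
            i += 2                           # skip an escaped character such as \"
            continue
        if ch == '"':
            in_quotes = not in_quotes
        elif ch in " \t" and not in_quotes:
            return line[:i], line[i:].strip()
        i += 1
    return line, ""

def parse_authorized_keys(text):
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                         # blank line or comment
        options, rest = split_options(line)
        fields = rest.split(None, 2)
        if len(fields) < 2:
            continue                         # no key blob: not a usable key line
        entries.append({"options": options, "type": fields[0], "blob": fields[1],
                        "comment": fields[2] if len(fields) > 2 else ""})
    return entries

def unmanaged_keys(text, managed_blobs):
    """Entries present in the file but absent from the managed key set."""
    return [e for e in parse_authorized_keys(text) if e["blob"] not in managed_blobs]

# Constructed sample file; key blobs are placeholders, not real keys.
SAMPLE = r'''# root authorized_keys (constructed)
ssh-ed25519 AAAAC3PLACEHOLDERalice alice@example
no-port-forwarding,command="echo 'Please login as the user \"ubuntu\" rather than the user \"root\".';echo;sleep 10" ssh-rsa AAAAB3PLACEHOLDERaws servo-aws
ssh-rsa AAAAB3PLACEHOLDERbob bob@example
'''

if __name__ == "__main__":
    for entry in unmanaged_keys(SAMPLE, {"AAAAC3PLACEHOLDERalice"}):
        forced = " (forced command)" if 'command="' in entry["options"] else ""
        print(f"unmanaged: {entry['comment'] or entry['blob']}{forced}")
```
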