Hey, just a note to let everybody know, we just switched all of our machines to disallow SSH password authentication, so if you were previously using passwords to login anywhere, you'll need to use key auth now.
Thanks, Ricky
Ok cool, i think that that is a really good improvement.security wise!
Cheers, bert Op 27 mei 2011 21:41 schreef "Ricky Zhou" ricky@fedoraproject.org het volgende:
Hey, just a note to let everybody know, we just switched all of our machines to disallow SSH password authentication, so if you were previously using passwords to login anywhere, you'll need to use key auth now.
Thanks, Ricky
Op 27 mei 2011 21:41 schreef "Ricky Zhou" ricky@fedoraproject.org het volgende:
Hey, just a note to let everybody know, we just switched all of our machines to disallow SSH password authentication, so if you were previously using passwords to login anywhere, you'll need to use key auth now.
Am I the only one having this problem? https://fedorahosted.org/fedora-infrastructure/ticket/2811
On Sun, 5 Jun 2011 00:46:44 -0600 susmit shannigrahi thinklinux.ssh@gmail.com wrote:
Op 27 mei 2011 21:41 schreef "Ricky Zhou" ricky@fedoraproject.org het volgende:
Hey, just a note to let everybody know, we just switched all of our machines to disallow SSH password authentication, so if you were previously using passwords to login anywhere, you'll need to use key auth now.
Am I the only one having this problem? https://fedorahosted.org/fedora-infrastructure/ticket/2811
So far as I know. ;)
Did you try the setup suggested at:
https://fedoraproject.org/wiki/SSH_Access_Infrastructure_SOP
I'd be happy to try and get things working for you... if you could drop by #fedora-admin or we can continue debugging in the ticket. ;(
Sorry for the trouble.
kevin
https://fedoraproject.org/wiki/SSH_Access_Infrastructure_SOP
That does it. Thanks.
On Fri, 27 May 2011, Ricky Zhou wrote:
Hey, just a note to let everybody know, we just switched all of our machines to disallow SSH password authentication, so if you were previously using passwords to login anywhere, you'll need to use key auth now.
Also a good time to remind people of ssh -A and the ProxyCommand options.
-Mike
On Fri, 27 May 2011 15:27:55 -0500 (CDT) Mike McGrath mmcgrath@redhat.com wrote:
On Fri, 27 May 2011, Ricky Zhou wrote:
Hey, just a note to let everybody know, we just switched all of our machines to disallow SSH password authentication, so if you were previously using passwords to login anywhere, you'll need to use key auth now.
Also a good time to remind people of ssh -A and the ProxyCommand options.
Absolutely.
I would suggest NOT using agent forwarding by default, and only enabling it when you absolutely need it (copying files between two machines for example).
Host * ForwardAgent no
You can override this with '-A' on your command line if you wish to forward an agent for that session.
To get to internal machines, you can use ~/.ssh/config entries like:
Host puppet01 puppet1 puppet01.fedoraproject.org Hostname %h ProxyCommand ssh -q %r@bastion.fedoraproject.org /usr/bin/nc %h 22
This will ssh you to bastion and then in turn run nc (netcat) there allowing you to directly get to an internal machine. You can also setup wildcards in the Host line (see 'man ssh_config').
kevin
infrastructure@lists.fedoraproject.org
-
Bert -
Kevin Fenzi -
Mike McGrath -
Ricky Zhou -
susmit shannigrahi