Run a secondary SSH server for OTP purpose
ClosedPublic
Actions

Authored by dereckson on Feb 19 2018, 16:17.

Details

Reviewers

dereckson

Commits

rOPSdea23f79b7b8: Run a secondary SSH server for OTP purpose

Summary

On Nasqueron servers, sshd on the port 22 is configured to accept only keys.
That configuration helps the user to know the passphrase prompt
is managed by their SSH client when they don't use an agent.

This situation could become more confusing if we add OTP, an interactive
prompt handled by the server.

To avoid such confusion, we run two SSH servers:

on the port 22: public key authentication only
on the port 5022: key + OTP

Test Plan

Deploy on Ysul and Eglide

Diff Detail

Repository

rOPS Nasqueron Operations

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

dereckson requested review of this revision.Feb 19 2018, 16:17

dereckson created this revision.

Harbormaster completed remote builds in B2110: Diff 3427.Feb 19 2018, 16:17

Works with ssh -p 5022 -o PubkeyAuthentication=No ysul.nasqueron.org.

dereckson planned changes to this revision.Feb 19 2018, 16:27

dereckson added inline comments.

roles/core/sshd/files/sshd.rc
79 ↗	(On Diff #3427)	root@ysul:/usr/home/dereckson # /usr/local/etc/rc.d/sshd-otp oneconfigtest Performing sanity check on sshd-otp configuration. eval: -otp_program: not found
89 ↗	(On Diff #3427)	/usr/local/etc/rc.d/sshd-otp: WARNING: run_rc_command: cannot run -otp_program