
Run a secondary SSH server for OTP purpose
ClosedPublic

Authored by dereckson on Feb 19 2018, 16:17.
Tags
None
Subscribers
None

Details

Summary

On Nasqueron servers, sshd on port 22 is configured to accept only keys.
That configuration helps the user know that the passphrase prompt
is managed by their SSH client when they don't use an agent.

This situation could become more confusing if we add OTP, an interactive
prompt handled by the server.

To avoid such confusion, we run two SSH servers:

  • on port 22: public key authentication only
  • on port 5022: key + OTP

Test Plan

Deploy on Ysul and Eglide
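
The split described in the summary, written out as an added example rather than the revision's own files: one sshd_config per instance, differing only in port, pid file and the authentication methods the server is allowed to offer. Paths, the PidFile names and the use of the openssh-portable port are assumptions; which PAM module produces the OTP prompt is outside the page.

```sshd_config
# /usr/local/etc/ssh/sshd_config   (port 22: keys only; path assumed)
# No server-side interactive method is enabled, so any passphrase prompt the
# user sees on this port can only come from their own ssh client.
# PAM still runs account/session management, but with password and
# keyboard-interactive both off no PAM authentication prompt can reach the client.
Port 22
PidFile /var/run/sshd.pid
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
AuthenticationMethods publickey

# /usr/local/etc/ssh/sshd_config-otp   (port 5022: key + OTP; path assumed)
# Started as a second instance from its own rc script, e.g.
#   sshd -f /usr/local/etc/ssh/sshd_config-otp
# No HostKey lines: both instances fall back to the same default host keys,
# so the fingerprint a user verifies is identical on both ports.
Port 5022
# The pid file must differ from the port-22 instance's, otherwise stopping
# one instance through rc would signal the other.
PidFile /var/run/sshd-otp.pid
PubkeyAuthentication yes
PasswordAuthentication no
# keyboard-interactive is the channel through which PAM delivers the OTP prompt.
ChallengeResponseAuthentication yes
UsePAM yes
# Both methods are required, in this order: the key is verified first, then
# the OTP. A client run with -o PubkeyAuthentication=no is rejected on this
# port by this configuration.
AuthenticationMethods publickey,keyboard-interactive:pam
```

Check each file with `sshd -t -f <file>` before enabling the second rc service; sshd_config does not accept trailing comments after a directive, so every comment above sits on its own line.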

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Passed
Unit
No Test Coverage
Branch
sshd-otp
Build Status
Buildable 2111
Build 2359: arc lint + arc unit

Event Timeline

dereckson created this revision.

Works with ssh -p 5022 -o PubkeyAuthentication=No ysul.nasqueron.org.

dereckson added inline comments.
roles/core/sshd/files/sshd.rc
79 ↗(On Diff #3427)

root@ysul:/usr/home/dereckson # /usr/local/etc/rc.d/sshd-otp oneconfigtest
Performing sanity check on sshd-otp configuration.
eval: -otp_program: not found

89 ↗(On Diff #3427)

/usr/local/etc/rc.d/sshd-otp: WARNING: run_rc_command: cannot run -otp_program

This revision is now accepted and ready to land. Feb 19 2018, 19:22
This revision was automatically updated to reflect the committed changes.