Run a secondary SSH server for OTP purpose
Closed, Public

Authored by dereckson on Feb 19 2018, 16:17.

Details

Summary

On Nasqueron servers, sshd on the port 22 is configured to accept only keys.
That configuration helps the user to know the passphrase prompt
is managed by their SSH client when they don't use an agent.

This situation could become more confusing if we add OTP, an interactive
prompt handled by the server.

To avoid such confusion, we run two SSH servers:

  • on the port 22: public key authentication only
  • on the port 5022: key + OTP

Test Plan

Deploy on Ysul and Eglide

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

dereckson created this revision.

Works with ssh -p 5022 -o PubkeyAuthentication=No ysul.nasqueron.org.

dereckson added inline comments.
roles/core/sshd/files/sshd.rc
79 ↗(On Diff #3427)

root@ysul:/usr/home/dereckson # /usr/local/etc/rc.d/sshd-otp oneconfigtest
Performing sanity check on sshd-otp configuration.
eval: -otp_program: not found

89 ↗(On Diff #3427)

/usr/local/etc/rc.d/sshd-otp: WARNING: run_rc_command: cannot run -otp_program

This revision is now accepted and ready to land.
Feb 19 2018, 19:22
This revision was automatically updated to reflect the committed changes.
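
A post-deployment check for the two-port split described in the summary, as an added example that is not part of this revision or of the rOPS repository: it extracts the authentication methods each sshd advertises from `ssh -v` debug output and compares them with the expected set per port. The sample output is constructed, `probe` is a hypothetical helper that assumes the host key is already in known_hosts, and the expected list for port 5022 is an assumption.

```shell
#!/bin/sh
# Constructed samples of `ssh -v` client output, one per sshd instance.
SAMPLE_22='debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.'

SAMPLE_5022='debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: No more authentication methods to try.'

# Read `ssh -v` output on stdin and print the first advertised method list.
# OpenSSH clients log it as "debug1: Authentications that can continue: a,b".
offered_methods() {
    sed -n 's/^debug1: Authentications that can continue: //p' |
        head -n 1 | tr -d '\r'
}

# Succeed only when the offered list ($1) equals the expected list ($2),
# ignoring order. An empty offered list (no answer from the server) fails.
methods_match() {
    offered=$(printf '%s\n' "$1" | tr ',' '\n' | sort | tr '\n' ',')
    expected=$(printf '%s\n' "$2" | tr ',' '\n' | sort | tr '\n' ',')
    [ -n "$1" ] && [ "$offered" = "$expected" ]
}

# Hypothetical live probe: request only the "none" method so the server
# answers with what it accepts, without sending any credential.
# Usage: probe host port
probe() {
    ssh -v -p "$2" -o BatchMode=yes -o PreferredAuthentications=none \
        -o ConnectTimeout=5 "$1" true 2>&1 | offered_methods
}

# Check one port: print OK or FAIL and return the matching status.
# Usage: check_port label offered expected
check_port() {
    if methods_match "$2" "$3"; then
        echo "OK   $1: $2"
    else
        echo "FAIL $1: offered '$2', expected '$3'"
        return 1
    fi
}

# Run against the constructed samples; replace with `probe host port` live.
check_port "port 22" "$(printf '%s\n' "$SAMPLE_22" | offered_methods)" \
    "publickey"
check_port "port 5022" "$(printf '%s\n' "$SAMPLE_5022" | offered_methods)" \
    "publickey,keyboard-interactive"   # assumed expected set for the OTP port
```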