HomeDevCentral
Diffusion Nasqueron Operations dea23f79b7b8

Run a secondary SSH server for OTP purpose
dea23f79b7b8
Actions

Description

Run a secondary SSH server for OTP purpose

Summary:
On Nasqueron servers, sshd on the port 22 is configured to accept only keys.
That configuration helps the user to know the passphrase prompt
is managed by their SSH client when they don't use an agent.

This situation could become more confusing if we add OTP, an interactive
prompt handled by the server.

To avoid such confusion, we run two SSH servers:

  • on the port 22: public key authentication only
  • on the port 5022: key + OTP

Test Plan: Deploy on Ysul and Eglide

Reviewers: dereckson

Reviewed By: dereckson

Differential Revision: https://devcentral.nasqueron.org/D1336

Details

Provenance
derecksonAuthored on Feb 19 2018, 16:06
derecksonPushed on Feb 19 2018, 19:23
Reviewer
dereckson
Differential Revision
D1336: Run a secondary SSH server for OTP purpose
Parents
rOPS29aade582bb1: Install Yubico PAM module
Branches
Unknown
Tags
Unknown

Changes (11)

PathSize
roles/
bastion/
sshd-otp/
bastion/
sshd-otp/
files/
sshd.rc.conf/
webserver-legacy/
php-sites/
files/
rc/
instances
bastion/
sshd-otp/
core/
sshd/
files/
software.sls
init.sls

rOPSdea23f79b7b8

View Options

map.jinja

Loading...
View Options

roles/bastion/init.sls

Loading...
View Options

roles/bastion/sshd-otp/files/sshd.rc

Loading...
View Options

roles/bastion/sshd-otp/files/sshd.rc.conf

Loading...
View Options

roles/bastion/sshd-otp/files/sshd.service

Loading...
View Options

roles/bastion/sshd-otp/files/sshd_config

Loading...
View Options

roles/bastion/sshd-otp/init.sls

Loading...
View Options

roles/bastion/sshd-otp/service.sls

Loading...
View Options

roles/bastion/sshd-otp/software.sls

Loading...
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator