The following ways are provided to access your server and files.
Warning: due to security reasons, we allow key based logins only
Your server is accessible trough SSH by default. We allow only key based logins as non privileged user (no root Login).
On all servers, a user named
devop is created by default. This user
is required to execute the
puppet-agent shortcut as long as there
are no other services/users configured. Furthermore, this user belongs
adm group which enable access to all system log files in
Shortcuts and sudo configuration¶
Depending on the installed services, some shortcuts are available to execute certain commands with root privileges.
You will find a list of all shortcuts by typing
You can add global keys to your server like this:
ssh::keys: "enduser": "email@example.com": "key": "ssh-rsa AAAAB....."
Please use a valid contact address, so we are able to get in touch if something comes up.
Additionaly, you can add custom environment variables to those keys. They get applied on every SSH login:
ssh::keys: "enduser": "firstname.lastname@example.org": "environment": "EDITOR": "/usr/bin/vi" "GIT_AUTHOR_NAME": "Bob" "GIT_AUTHOR_EMAIL": "email@example.com" "GIT_COMMITTER_NAME": "Bob" "GIT_COMMITTER_EMAIL": "firstname.lastname@example.org" "key": "ssh-rsa AAAAB....."
Create SSH Key¶
- use 4096 bit RSA Keys
- encrypt with PKCS8
ssh-keygen -b 4096 -C email@example.com -f ~/.ssh/id_rsa_tmp openssl pkcs8 -topk8 -v2 des3 -in ~/.ssh/id_rsa_tmp -out ~/.ssh/id_rsa mv ~/.ssh/id_rsa_tmp.pub ~/.ssh/id_rsa.pub rm ~/.ssh/id_rsa_tmp
SSH client configuration¶
Add client configurations to
/etc/ssh/ssh_config by setting the
ssh::config: "Host": "git" "HostName": "code.example.com" "User": "git"
man ssh_config (online version) for available configuration options