document ssh host trust
@@ -7,4 +7,5 @@ Here starts a so far small collections of configuration guides for sysadmins of
- [Custom Nameservers](configuration/custom_nameservers)
## Special Installations
- [SSH Host Hopping as Root (e.g. between cluster members)](configuration/ssh_host_hopping)
- [Install Citrix VDA](configuration/citrix_vda)
25
admin-guide/configuration/ssh_host_hopping.md
Normal file
@@ -0,0 +1,25 @@
# SSH Host Hopping as Root (e.g. between cluster members)
This is to allow the user `root` on a given machine to log in as `root` onto another machine without using a password or a similar authentication.
The `ssh_server::root_host_trust` list in Hiera configures from which devices root is allowed to connect without special configuration:
```
ssh_server::root_host_trust:
- 'lxdev04.psi.ch'
- 'lxdev05.psi.ch'
```
From security perspective this nodes should have the same or stricter security rules/setup that the target host.
To actually use host trust the client also needs to configure that while connecting, e.g. in Hiera:
```
ssh_client::try_host_trust: true
```
or spontaneously on the ssh command line with:
```
ssh -o HostbasedAuthentication=yes ...
```
or by setting `HostbasedAuthentication yes` in the appropriate place in the ssh configuration (e.g. `~/.ssh/config`).
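Review bot: The security sentence after the `ssh_server::root_host_trust` example ("From security perspective this nodes should have the same or stricter security rules/setup that the target host.") has two typos ("these nodes", "than the target host") and should state the reason: anyone who holds root on a listed host holds root on the target, so every entry in the list becomes part of the target's attack surface. The opening line's "without using a password or a similar authentication" is also imprecise, since `HostbasedAuthentication` still authenticates the connection with the client host's key; naming the mechanism there would let readers look it up in the ssh and sshd documentation. Consider adding one sentence on how the target learns the public host keys of the trusted machines, which the page does not mention.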