gitea-pages/admin-guide/configuration/ssh_host_hopping.md


# SSH Host Hopping as Root (e.g. between cluster members)
This allows the user `root` on a given machine to log in as `root` on another machine without using a password or similar authentication.
The `ssh_server::root_host_trust` list in Hiera configures from which devices root is allowed to connect without special configuration:
```
ssh_server::root_host_trust:
- 'lxdev04.psi.ch'
- 'lxdev05.psi.ch'
```
From a security perspective, these nodes should have the same or stricter security rules/setup than the target host.
To actually use host trust, the client must also enable it when connecting, e.g. in Hiera:
```
ssh_client::try_host_trust: true
```
or ad hoc on the ssh command line with:
```
ssh -o HostbasedAuthentication=yes ...
```
or by setting `HostbasedAuthentication yes` in the appropriate place in the ssh configuration (e.g. `~/.ssh/config`).
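
To check that a target host trusts only the hosts listed in `ssh_server::root_host_trust`, the following added example (not part of the Puppet module or this guide's own code) audits `sshd -T` style output and the contents of root's `.shosts` against the intended list. It assumes the trust ends up in root's `.shosts`, which the page does not state; the function names and sample inputs are constructed for illustration.

```python
"""Audit root host trust on a target host against the intended Hiera list."""
EXPECTED = ("lxdev04.psi.ch", "lxdev05.psi.ch")   # list from the Hiera example
# Constructed samples: `sshd -T` output and root's .shosts (assumed location).
SSHD_DUMP = "hostbasedauthentication yes\nignorerhosts shosts-only\npermitrootlogin without-password\n"
SHOSTS = "lxdev04.psi.ch\nlxdev05.psi.ch\nstray.example.org  # constructed drift\n"

def parse_sshd_dump(text):
    """Parse lowercase 'key value' lines as printed by `sshd -T`."""
    conf = {}
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key:
            conf.setdefault(key.lower(), value.strip().lower())
    return conf

def parse_shosts(text):
    """Return (host, user) tuples; user is None when the entry names no user."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields:
            entries.append((fields[0].lower(), fields[1] if len(fields) > 1 else None))
    return entries

def audit(sshd_dump, shosts, expected_hosts):
    """Return a list of findings; an empty list means config and trust list agree."""
    conf, findings = parse_sshd_dump(sshd_dump), []
    if conf.get("hostbasedauthentication") != "yes":
        findings.append("sshd: HostbasedAuthentication is not enabled")
    if conf.get("ignorerhosts", "yes") == "yes":   # OpenSSH default is yes
        findings.append("sshd: IgnoreRhosts yes, root's .shosts is ignored")
    if conf.get("permitrootlogin") == "no":
        findings.append("sshd: PermitRootLogin no blocks root logins")
    seen = set()
    for host, user in parse_shosts(shosts):
        if host[0] in "+-@":                        # wildcard, negation, netgroup
            findings.append(f"shosts: wildcard/netgroup entry '{host}'")
            continue
        if user not in (None, "root"):              # remote non-root user becomes root
            findings.append(f"shosts: {host} lets remote user '{user}' log in as root")
        seen.add(host)
    expected = {h.lower() for h in expected_hosts}
    findings += [f"shosts: unexpected trusted host {h}" for h in sorted(seen - expected)]
    findings += [f"shosts: expected host {h} missing" for h in sorted(expected - seen)]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SSHD_DUMP, SHOSTS, EXPECTED)) or "OK")
```

On a real target, feed it the output of `sshd -T` (run as root) and the actual trust file instead of the constructed samples.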