# SSH Host Hopping as Root (e.g. between cluster members)

This allows the user `root` on a given machine to log in as `root` on another machine without a password or similar authentication.

The `ssh_server::root_host_trust` list in Hiera configures the hosts from which root is allowed to connect without special configuration:
```
ssh_server::root_host_trust:
  - 'lxdev04.psi.ch'
  - 'lxdev05.psi.ch'
```

From a security perspective, these nodes should have the same or stricter security rules/setup than the target host.

To actually use host trust, the client also needs to enable it when connecting, e.g. in Hiera:
```
ssh_client::try_host_trust: true
```

or ad hoc on the ssh command line with:
```
ssh -o HostbasedAuthentication=yes ...
```
or by setting `HostbasedAuthentication yes` in the appropriate place in the ssh configuration (e.g. `~/.ssh/config`).
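
A drift check for the trust setup described above, as an added example that is not part of the original page or of the Puppet module: it reads `sshd -T` output and compares a trust file against the `ssh_server::root_host_trust` list. It assumes the server's trust entries for root live in a `.shosts`-style file, which the page does not state; the function names, the `operator` user and `old-node.example.org` are constructed.

```sh
#!/bin/sh
# Added example (not part of the Puppet module): audit root host trust.
# Assumption: trust entries for root are in a .shosts-style file
# ("host [user]" per line); check what the module really generates.

# Print "yes" if `sshd -T`-style output ($1 = file) enables host-based auth.
hostbased_enabled() {
    awk '$1 == "hostbasedauthentication" { v = $2 }
         END { print ((v == "yes") ? "yes" : "no") }' "$1"
}

# Print trust-file entries ($2) that are not on the allowlist ($1),
# or that grant root login to a non-root remote user.
unexpected_trust_entries() {
    awk '
        /^[ \t]*(#|$)/ { next }                      # skip comments, blanks
        FILENAME == ARGV[1] { allowed[tolower($1)] = 1; next }
        !(tolower($1) in allowed) { print $1 ": not in root_host_trust"; next }
        NF > 1 && $2 != "root"    { print $1 ": remote user " $2 }
    ' "$1" "$2"
}

# Constructed sample data: the allowlist from the Hiera example on this
# page, constructed sshd -T output, and a constructed trust file with drift.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' lxdev04.psi.ch lxdev05.psi.ch > "$tmp/allow"
printf '%s\n' 'port 22' 'hostbasedauthentication yes' > "$tmp/sshd_T"
cat > "$tmp/shosts" <<'EOF'
# constructed example
lxdev04.psi.ch
lxdev05.psi.ch operator
old-node.example.org
+
EOF

echo "HostbasedAuthentication: $(hostbased_enabled "$tmp/sshd_T")"
unexpected_trust_entries "$tmp/allow" "$tmp/shosts"
```

On a live host, replace the constructed files with the output of `sshd -T` (run as root) and the trust file actually in use.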