SSH Host Hopping as Root (e.g. between cluster members)
This allows the user root on a given machine to log in as root on another machine without a password or similar authentication.
The ssh_server::root_host_trust list in Hiera configures from which devices root is allowed to connect without special configuration:
ssh_server::root_host_trust:
- 'lxdev04.psi.ch'
- 'lxdev05.psi.ch'
From a security perspective, these nodes should have the same or stricter security rules/setup than the target host.
To actually use host trust, the client must also enable it when connecting, e.g. in Hiera:
ssh_client::try_host_trust: true
or ad hoc on the ssh command line with:
ssh -o HostbasedAuthentication=yes ...
or by setting HostbasedAuthentication yes in the appropriate place in the ssh configuration (e.g. ~/.ssh/config).
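Host trust only takes effect when both sides are configured: the connecting host must be in the target's ssh_server::root_host_trust list, and the client must have HostbasedAuthentication enabled. The script below is an added example (not part of the original page or the site's own tooling) that checks both from the Hiera list and from `ssh -G` output; the function names and the hostnames target.example and other.example are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check both halves of root host trust described above.
# Handles the block-list form of the Hiera key as shown on the page.

# Hosts listed under ssh_server::root_host_trust in Hiera YAML on stdin.
trusted_hosts() {
    awk '
        /^ssh_server::root_host_trust:/ { in_list = 1; next }
        in_list && /^[ \t]*-/ { sub(/^[ \t]*-[ \t]*/, ""); sub(/[ \t]*#.*$/, ""); print; next }
        in_list && /^[^ \t#]/ { in_list = 0 }   # next top-level key ends the list
    ' | tr -d "\"' \t" | tr 'A-Z' 'a-z'
}

# Effective value of one option in `ssh -G <target>` output on stdin.
ssh_option() {
    awk -v key="$1" 'tolower($1) == tolower(key) { print tolower($2); exit }'
}

# host_trust_ready CLIENT_FQDN HIERA_TEXT SSH_G_TEXT
# Prints what is missing; returns 0 only if both sides are configured.
host_trust_ready() {
    client=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    rc=0
    if ! printf '%s\n' "$2" | trusted_hosts | grep -xF "$client" >/dev/null; then
        echo "server: $client is not in ssh_server::root_host_trust"
        rc=1
    fi
    if [ "$(printf '%s\n' "$3" | ssh_option hostbasedauthentication)" != "yes" ]; then
        echo "client: HostbasedAuthentication is not enabled for this target"
        rc=1
    fi
    return $rc
}

# Constructed sample input: the Hiera list from the page and two `ssh -G` excerpts.
HIERA="ssh_server::root_host_trust:
- 'lxdev04.psi.ch'
- 'lxdev05.psi.ch'"
SSH_G_ON="hostname target.example
hostbasedauthentication yes"
SSH_G_OFF="hostname target.example
hostbasedauthentication no"

host_trust_ready lxdev04.psi.ch "$HIERA" "$SSH_G_ON" && echo "host trust ready"
host_trust_ready other.example "$HIERA" "$SSH_G_OFF" || echo "host trust not ready"
```

In real use, pass the client's FQDN, the contents of the target's Hiera data and the output of `ssh -G` for the target host in place of the constructed samples.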