Hi there, could I get access to the frdev1001 server and access to mysql, specifically the pgehres & civicrm databases? Thank you!
Description
Event Timeline
pgehres hasn't worked here for years. anyway, adding this to SRE-Access-Requests and shifting the fundraising project from subscribers to tags
We will need a few things to follow-up with your access request. Could you please:
- add a short justification (just a few words) what the access is needed for
- add your manager to this ticket and have them approve the request
- create a SSH keypair and paste the public key here
- read L3 and sign it
Thank you and best regards,
Daniel
Hi @Dzahn
Thanks for helping with this!
- Access is needed for me to track stats for fundraising emails
- @CaitVirtue could you approve?
- Could you advise on how to create a SSH keypair...
- L3 signed
Thanks!
take a look at man ssh-keygen - you should end up with something like ssh-keygen -t ed25519 -C "jkim@wikimedia.org frack"
I'm relaying an email from Lisa:
Lisa Gruwell
Thu, Oct 11, 6:13 PM (14 hours ago)
to Jerry, Caitlin, me
Yes, approved.
On Thu, Oct 11, 2018 at 11:27 AM Jerry Kim <jkim@wikimedia.org> wrote:
Hey Lisa,
Could I get your approval for access to the Frdev1000 server and mysql? I'll be using this to track stats for MG&E emails so we can keep a better record of email performance.
Thank you!
Jerry Kim
there is one more thing, besides the SSH key, that we will need.
Please go to Wikitech wiki and create a user there:
https://wikitech.wikimedia.org/w/index.php?title=Special:CreateAccount&returnto=Main+Page
And once done let us know which user name you picked for the "UNIX shell username" (or just the email you used to register).
Thanks!
Hi @jkim_wikimedia - sorry for the confusion, I'll be making this account for you. Do you have a yubikey?
@jkim_wikimedia these are the basic instructions for making an ssh key: https://wikitech.wikimedia.org/wiki/Production_shell_access#Generating_your_SSH_key
Once that is done you can paste the public key (ending with .pub) on this task along with the output of the yubikey and we can get you set up!
Hey @cwdent, here's the public key: /Users/jkim/.ssh/id_rsa.pub
What is the output of the yubikey? -_-
@jkim_wikimedia If you plug it into your laptop and touch the button it will spit out some text. The first 12 characters are your key's ID and the rest is a one-time-use password.
@jkim_wikimedia thanks! As far as the public key I need the actual contents of the file which you can see by typing:
cat /Users/jkim/.ssh/id_rsa.pub
It will be a large block of text.
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC+ItHLDwXZYoK8b3LEff1bM6UydLGFXMCprg+LVLkwDR4fQFSEMNMLAsdNoXnGmr6ZNC/CnCOxRcbYpk+AEpx1gx4U0ZQfsvhPzyaLL1P809MxFgF89QPVFvoB2ZlkGjVm1t2JIY57lDFzTvzwiWHHtvtkFU6BCITnBV0NWk8/7LnEC6dD4WBoe26zaOmQf5m0/znMq+B+7T7IE0RLk08vkUn17nXUn5x2r98paT1iuYv7DRyOFHBf9Y4naOKO4AYWp79VI/V98Nugeahw7FnUR3yd/11FAXAY8PR7sf4zytjLeVz/IQpzoLuHzCpDkCFSH5Cxw5jbUBqGIHeE//AC0wmS3M89M4RXFLEQkjz69L0Dd/uZhHDrePBgvUh0FeqM+iD54m2BF0uPYhXupNsmtGAixrZdMaFWmDcL3BA9Oby+tAiehOgftefg5OWArbWhtUKkHRWh+upTSJCMFVgNQTnDDWT+SPk8PNE61Cy9wrp8hi40BNKXd1rli0PEtZl+gX82e8ZNbU3SD0bsPVavMZUHQr/IdMD1r7dw83M9tYEN5dfDw2fjcb6mJzuA6lOzeTlE2ZB2rABHLlNNOmqJ0YOnHvD1JQggCJtNLS2FNRMd6QPp7hjRZT/nn/FhUwI5utwvotQDjdQif+VkNAY/SZqWVFbmG4Q6QTWvmCDZ2w== jkim@wikimedia.org
@jkim_wikimedia thanks, I now have enough info to make the accounts and will find time in the next day or two.
@jkim_wikimedia ok, you are all set up with a shell account on frdev1001 and mysql access.
In order to log in you will need to set up your ssh config: https://wikitech.wikimedia.org/wiki/Fundraising/tech/ssh_config
Then you can type
ssh frdev1001
to log in and
mysql
to access the database.
@jkim_wikimedia it looks like the file isn't there. I am not personally knowledgeable about Apple computers but I have edited the instructions to add the commands that would work in Linux, hopefully they are the same:
https://wikitech.wikimedia.org/wiki/Fundraising/tech/ssh_config
Let me know if that does it!
@jkim_wikimedia No worries, screenshots like this are helpful and we can use them to make better docs for the next time. So you made a new file called "config" inside that new directory called .ssh. That's all good. But then it looks like contents of that file are also the commands that you typed to do this. I'm not sure how that happened, but what you want is copy/paste the part that starts after "The file should look more or less like this" into the text editor and then save it.
Start at "Host frbast.wikimedia.org" and copy the 2 host blocks into your new config file and then save. By the way, you can use any other text editor for this as well, you don't have to use TextEdit.
Almost! Just need to adjust the two spots that say "your_username_here" to "jkim" and you should be good to go.
Now you should be able to "ssh frdev1001" from a terminal on your Mac or whatever. Your SSH client will connect through a
bastion server (frbast) to the reporting server (frdev1001).
The first time you connect:
- You'll be asked to authorize frbast's host key, enter 'yes' when asked.
The authenticity of host 'frbast (208.80.155.8)' can't be
established. ECDSA key fingerprint is SHA256:KFDL0dZ/YAKzQRw4oqVBPGELoLaNHBc3yyotcJ6rywM.
No matching host key fingerprint found in DNS.
Are you sure you want to continue connecting (yes/no)?
- Then you'll be prompted for a password, press your Yubikey here.
- Next you're asked to authorize frdev1001's host key, again enter 'yes'.
The authenticity of host 'frdev1001 (<no hostip for proxy command>)' can't be established.
ECDSA key fingerprint is SHA256:TXnPkkzSigtrVId7gisg2vd51vhSUArrkpAlntJlzps.
No matching host key fingerprint found in DNS.
Are you sure you want to continue connecting (yes/no)?
Finally you get a prompt indicating successful connection: (your username)@frdev1001:~$
After you verify a host's key, your client should never ask again for that host. If it does something is wrong, the connection can't be trusted, and you need to stop and check in with Fundraising Tech. You will be prompted
for the Yubikey password every time you connect, however.
Also, as a reminder it is imperative that you contact Fundraising Tech ASAP if either your laptop or Yubikey is lost, stolen, or otherwise compromised so we can prevent unauthorized access.