Hi guys,
Sending a request here to get access. Got my Yubikey and working on getting a Yubikey public ID now.
Thanks
Mariana
Description
Description
Event Timeline
Comment Actions
Hi Mariana,
You can get the public id in one of two ways:
- Visit https://directory.corp.wikimedia.org/yubikey.php logging in with your 'OIT' ldap credentials like you would for email, and clicking on the yubikey in the text box. It will then trim the code for you and provide the public side.
- In a text editor, just repeatedly press the button on the yubikey. You will notice there are 12 characters at the beginning of the output that don't change. That is the public side of the key that you can then send on to us.
Once we have this information we can update the config.
Dallas
Comment Actions
Hi Dallas,
Here's the Yubikey id.
Your Yubikey Public ID is: cccccclbdvli
Thanks,
Mariana
Comment Actions
I have added the public key to the repo and pushed it out to the associated servers
[frack::puppet::private] c874c8b Adding yubikey public side for msuijkerbuijk
Comment Actions
This is one step for access. I know that Jeff was checking on some other portions. I'll check with him and find out what (if anything) still remains before I can say for certain.
Comment Actions
Caitlin Cogdill sent an access authorization request to Lisa Gruwell earlier this week, we're waiting to hear back on that.
Comment Actions
- Forwarded message ---------
From: Lisa Gruwell <lgruwell@wikimedia.org>
Date: Fri, Sep 20, 2019 at 6:21 PM
Subject: Re: URGENT: Approval needed: Mariana fundraising server access
To: Patricia Pena <ppena@wikimedia.org>
Cc: Leticia Navarro <lnavarro@wikimedia.org>, Mariana Suijkerbuijk <msuijkerbuijk@wikimedia.org>, Caitlin Cogdill
<ccogdill@wikimedia.org>
Approved :)
Comment Actions
Added user accounts for Mariana. I need to get clarification as to what level DB access is requested.
[frack::puppet] 9ee84d9d Adding user account for msuijkerbuijk
Comment Actions
Hello @MSuijkerbuijk_WMF the next step we have is for you to get ssh access. To do so, I am going to need you to generate an ssh keypair and have you provide the public portion of that key.
Instructions for generating the ssh keypair are here: https://collab.wikimedia.org/wiki/Fundraising_ssh_access
When you have generated the keypair, please post the contents of the public side of the key (ie: fr_id_rsa.pub) in this ticket.
Thanks,
Dallas
Comment Actions
Hi Dallas,
I've followed the steps now. Terminal says:
Your identification has been saved in /Users/marianasuijkerbuijk/.ssh/id_rsa.
Your public key has been saved in /Users/marianasuijkerbuijk/.ssh/id_rsa.pub.
Is that what you need?
Thanks,
Mariana
Comment Actions
Hello Mariana,
Thanks for generating the keypair. What I need pasted into the ticket is the contents of the file: /Users/marianasuijkerbuijk/.ssh/id_rsa.pub
Once you paste that in I'll get moving on pushing out the config.
Thanks.
Dallas
Comment Actions
Copying below, thanks!
Your public key has been saved in /Users/marianasuijkerbuijk/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:IGQY9VX7XDiBd+aYOMhivRwgTTxJaZ/w986TKXSHBZ4 msuijkerbuijk@wikimedia.org
The key's randomart image is:
+---[RSA 4096]----+
| .++=oo..... |
| .o..X. ..ooo |
| .ooO o.+oO. |
| .o.O +oEoo |
| . oS+ ooo |
| o . + . |
| . + + |
| . * |
| . . |
+----[SHA256]-----+
Comment Actions
Hello Maria,
I actually need the contents of the file. You can get that using the following command in a Terminal window:
cat /Users/marianasuijkerbuijk/.ssh/id_rsa.pub
Thanks,
Dallas
Comment Actions
Hi Dallas,
Let's see if it's right now, see below
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCeXqjNtW71/FoQSyEyqWUsExlvKnhyzNrEcJXzjZpMV27DA3v0smbRnV8NU/AcO0EJzQXuT9rPktlSfyKXCiY0TWih+uMYewY9Tu7k2MG+IDjFkKma4fMEwZlp0GN1o4Ij6rZGd8AnBwBcwipIYaBJX+M3symnc8JMvIcvwPEyCFC2Umc9+2IutO5na8ZeqvaPa1h6QXLnBmjxVt8dbips4vg0TiU7XLKP/0ZluD4n+siARPVq8CE46ZimPAyI7KOdHoyJflG/AEVW7Sx5lOtQSfyqNpNA9IWm3VCS0hdwdv3Ccp0AabiBodKAO5JhZ+DEdBnpDaTfyj7FqALJNZJBjXtrKHGD0jAxokDlVWbF3mB1d5t7Dh0nuSuXyNxXXELoequCzkRAhhFNtM8P67rzxsR/6OKFrpFJpqcbuP85+GA/eYojH9ifqzY927ia8BKMHTE5yoL1PgpnoFHWayrJOcQdeyxYL6KXfJ58UHvFAmWStiV+WqKoh/2vATBPPlu9ChTD8WeZmZAubzMLYApfpMGpFgLzAztu8HTIqZuBdAq9xOEJZjOIeqwuqTEVGlB4+Vw3qgAekjj+zR0rA0nvzZzGVbmQ5vwKebWvNJSvh/e0gEhGxYVQSDBbYp+ls0YS6IezFZEuqz0l+oi1cB7ppYvBZz7byP8xgvJv1RVL8Q== msuijkerbuijk@wikimedia.org
Comment Actions
Hello Mariana,
Thanks, that's what I needed. I have updated the repo and pushed the key around.
If you haven't yet, you should create an ssh config file using the instructions on this page: https://collab.wikimedia.org/wiki/Fundraising_ssh_client_config
Once you have that set, you should be able to use the following command: ssh rdev1001
You will be prompted enter the passphrase for your ssh key, and to accept the server identity (which you can answer yes to). When presented with a Password: prompt, you will hit the button on your yubikey to supply the password.
Please let me know if you have issues connecting.
Dallas
[frack::puppet::private] 7517bd9 Adding ssh public key for msuijkerbuijk
[frack::puppet::private] 91ef53f adding msuijkerbuijk to mysql_grants
Comment Actions
Hi Dallas,
I'm trying to follow the last instructions you shared. Should it be run on Terminal? It is not working. Any tip?
I was under the impression that I had generated ssh already. See beginning of this thread.
Thanks!
Mariana
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTXJs939Z+mDYe4UWs6n6Y0cmAoM4lRW7VtWpiaxeExUOvPDeBGrq94pAIbSXmZKb4nyP6zArXQBTh3I862kEvvMFCt5Bo8ALvKzeJieXULTsq0/HIRBvFVjA4lIjofp+IAFSZOVH8pn1gpJRsV6P6PNEPIEwV8CXXLbkWSY+GHou8pQ/vBYr9Yo8irK/tB8NH7W+4RvueJiogST5e3r1ybQEVMBtZr+m6wQ+GFqkxw/XQPAxK5ndxC+qODJjnJoCYeJ5pdRqkoBipB1mjWOdosVmbKbYneafjM+rOnVR6HOaVZTjtQFbhCFYGKYzprtD6h2gMqPhFGZ2X0xTAnjlb
Comment Actions
Hi Mariana,
In order to correctly connect to our hosts, you need the ssh keypair, the ssh config, which basically tells the ssh program how to connect, and your yubikey as a password. You have generated the ssh keypair and I've got that in place. Additionally you provided the public side of your yubikey and I have that in our config. The last bit is the ssh client config file which you can create using the instructions at: https://collab.wikimedia.org/wiki/Fundraising_ssh_client_config
Once that is in place, you can actually use the ssh command to connect to the host.
I could hop on a hangout with you to walk through the process of connecting. We don't have a lot of overlap in our schedules but I could get up early tomorrow or we could do it early Monday morning PDT.
Dallas
Comment Actions
Hi Dallas,
That would be great if we could connect on a call. I've tried to follow
those instructions but when I add that on the terminal it does not work.
I'll send an invite now, for 10.30am PDT on Monday.
Thanks!
Mariana
Comment Actions
Worked with @MSuijkerbuijk_WMF to update the user setting in her ssh config file and she was able to connect.
@CCogdill_WMF - Could you advise on what database access she will need? Even if it's just a similar user to model her permissions off of.
Comment Actions
It would be great if she has access to all the same databases that I do,
but these are the ones on my mind:
- frdev1001
- /srv/br folder
- mysql civicrm
- mysql drupal
- mysql silverpop
I think that should do it!
Le mar. 1 oct. 2019 à 12:32 AM, Dwisehaupt <
no-reply@phabricator.wikimedia.org> a écrit :
Dwisehaupt added a subscriber: CCogdill_WMF.
Dwisehaupt added a comment. View Task
https://phabricator.wikimedia.org/T232633Worked with @MSuijkerbuijk_WMF
https://phabricator.wikimedia.org/p/MSuijkerbuijk_WMF/ to update the
user setting in her ssh config file and she was able to connect.@CCogdill_WMF https://phabricator.wikimedia.org/p/CCogdill_WMF/ - Could
you advise on what database access she will need? Even if it's just a
similar user to model her permissions off of.*TASK DETAIL*
https://phabricator.wikimedia.org/T232633*EMAIL PREFERENCES*
https://phabricator.wikimedia.org/settings/panel/emailpreferences/*To: *Dwisehaupt
*Cc: *CCogdill_WMF, Jgreen, Dwisehaupt, Aklapper, MSuijkerbuijk_WMF,
EBjune, DStrine, Jay8g
Comment Actions
Ok. The mysql grants have been adjusted and she should be all set.
[frack::puppet::private] 4b9552c Adding msuijkerbuijk to same mysql grants as ccogdill
Comment Actions
Hi @Dwisehaupt and @CCogdill_WMF
I just finished a call with Katie and I wonder if I need to request access to CiviCRM too. I don't think I've installed any certificate yet for this. I just see a member certificate on the Keychain.
Let me know if there's any step or guide I need to take for this.
Thanks,
Mariana
Comment Actions
Yeah, you'll need a CiviCRM cert to access the dash (
https://dash.frdev.wikimedia.org) at the least. Sorry, I take for granted
that we just set this up for fundraising people :)
Comment Actions
I can definitely get an SSL client certificate set up. In order for me to do that we need to have an entry for Mariana on the fundraising contact page: https://collab.wikimedia.org/wiki/Fundraising#Contact_List
Once she has an entry there I will generate the certificate and SMS her the password.
Comment Actions
Done, added my contact - last row in the table https://collab.wikimedia.org/wiki/Fundraising#Contact_List
Thanks!
Comment Actions
The SSL client certificate has been created and sent via email. The password has been SMS'd to the phone number on record.
Comment Actions
Hi Dallas,
I'm having trouble getting to civicrm. The password (Mac) I type in does not work.
It asks me for Login Keychain password, I've tried all the passwords I thought of and also restarted the computer.
Any tip?
Thanks
Comment Actions
Hi Mariana,
I'm not 100% sure which civicrm access you are talking about. Perhaps we can schedule some time Monday or Tuesday morning. I'm available starting about 8:30am PDT each day. Feel free to just put something on my calendar and I'll meet with you.
Dallas
Comment Actions
Verified that this access was for the civicrm application. I have created an account for @MSuijkerbuijk_WMF and she was able to log in. Closing this out.