Hey @Jgreen and @Dwisehaupt, could you please assist @CDenes_WMF in getting ssh access and setting up her yubikey?
I've forwarded approval from LGruwell separately, over email. And CDenes is in the fundraising contact list.
Thank you!
Setup steps
- user account
- account_setup:
- Add the user to the users.yaml and group_members.yaml files as appropriate.
- Push out puppet changes.
- account_setup:
- yubikey Requires: useraccount and OIT request to send out yubikey to user
- physical: Make a request to OIT to have a key sent to the user
- account_setup: Get public side and add to puppet-private/manifests/passwords/yubico.pp
- follow_on: Make sure user can use yubikey for ssh access
- ssh Requires: useraccount and yubikey
- key_setup: Send template/docs for generating keypair and ~/.ssh/config file
- account_setup: Get public side and add to puppet-private/secrets/ssh/default/$username
- follow_on: Verify user can ssh to frdev1001 using correct creds and passphrases when needed.
- mysql Requires: useraccount, yubikey, ssh
- account_setup
- Generate user a random mysql password and hash
- Create user block in grants
- Ensure user is in correct blocks for select rights on dbs.
- Generally use another user in same group as a guide
- Run the grant script to get the grants.
- Copy/paste to execute the grants
- follow_on: Verify user can ssh to frdev1001 and log in to mysql.
- account_setup