Page MenuHomePhabricator
Create Task
Maniphest T250117

Update ssh-keypair, yubikey public key , and verify access to mysql databases
Closed, ResolvedPublic
Actions

Description

Hi! I need to set up a new Yubikey as well as get access to MYSQL databases. Please let me know what information you need from me to get this access. Thank you!

[x] user account
Requires: user_verification
[x] Add the user to the users.yaml and group_members.yaml files as appropriate.
[x] Push out puppet changes.
[x] yubikey
Requires: useraccount and OIT request to send out yubikey to user
[x] physical: Make a request to OIT to have a key sent to the user
[x] account_setup: Get public side and add to puppet-private/manifests/passwords/yubico.pp
[x] follow_on: Make sure user can use yubikey for ssh access
[x] ssh
Requires: useraccount and yubikey
[x] key_setup: Send template/docs for generating keypair and ~/.ssh/config file
[x] account_setup: Get public side and add to puppet-private/secrets/ssh/default/$username
[x] follow_on: Verify user can ssh to frdev1001 using correct creds and passphrases when needed.
[x] mysql
Previous setup for mysql with permissions and config files is already in place

Event Timeline

jkim_wikimedia created this task.Apr 13 2020, 10:03 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 13 2020, 10:03 PM
DStrine added a project: fundraising-tech-ops.Apr 14 2020, 2:53 PM
Dwisehaupt claimed this task.Apr 14 2020, 3:36 PM
Dwisehaupt moved this task from Triage to In Progress on the fundraising-tech-ops board.Apr 14 2020, 4:36 PM
Dwisehaupt added a comment.Apr 14 2020, 4:42 PM

@jkim_wikimedia It looks like you should already have mysql access on the frdev host. To get there you will need the yubikey and to know the passphrase for your existing ssh key-pair (created 2018).

Please let me know if you don't remember that passphrase and I'll send you information so you can generate a new key-pair and gather what we require from the yubikey.

If you do remember the passphrase, I will just send you the information needed to gather what we require from the yubikey.

jkim_wikimedia added a comment.Apr 14 2020, 4:50 PM

Thanks @Dwisehaupt ! Does it matter if my yubikey has changed? I think I'll need help with the passphrase! Thanks so much.

DStrine moved this task from Triage to FR-Ops on the Fundraising-Backlog board.Apr 14 2020, 4:52 PM
Dwisehaupt added a comment.Apr 14 2020, 4:59 PM

@jkim_wikimedia We'll get the new information from your yubikey. As far as the passphrase, that is something only you would know and is only kept on your local machine. Since it sounds like you may not have that any more, I'll send you an email with the information for generating a new key-pair along with how to gather the information from the yubikey.

Dwisehaupt renamed this task from Access to mysql databases to Update ssh-keypair, yubikey public key , and verify access to mysql databases.Apr 14 2020, 5:03 PM
Dwisehaupt updated the task description. (Show Details)
Dwisehaupt added a comment.Apr 14 2020, 5:22 PM

Instructions sent via email.

jkim_wikimedia added a comment.Apr 14 2020, 6:22 PM

@Dwisehaupt I think this is it?!
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCtYmJvhGpTjuQArdbaSsHfBJzj2pRc/rYvfmrJqvV1IoQAbpYh2hEozcAtvXV35msOa3qGbMDlBvf/yC7DVyr9/mCdYFWiJ4BvHLX+wyn6oJ7jht7EnTYlSjZOhV+RIi7AQsyV8tU0qWPSLwVPskwbhD7530SjoOxKPHFjW7ChI4d7/Ww3NXdoEj0+HTCP2UI0gpoJZ5qrM02huu3uNVO33vVuK90fqWQWey5V/LMsoqKYqFLIpFesi3frcruFMSiYj7C88gfThrv6Cruq8UZLIPcIZ693IJ/cYd3FbaOynn0/lsz9BC59VAumgDMq4Dvl9Uh0FpHD1u8p0h9S14tz8HFymo7FcaezGFWJYK9jDoGzL+r3xU9e3Kwej8RJ30SraTAPvZ4sWYMCvDb9jjECXb5IEofzt0YcTrx74CTCorEdFTxBmKTrOVi1Olqw5FxOWQCSQrZ2XIwdPM9qhD3769dYWCBmgx3sJ1ZDSwLmO5E9G1nmigT6iRL95MX6JwKwpmR9EX/AUNfGp4v2DlGnjG5Bxf0pl7QbEDJCaKJ/urX2OMCXFZGZkamxEcfsli6wmhRW7R13Tu3ArL46yVZU0xJiGb97uuoBMogQi4109XlGJQ3xNbTZJS2kaxr9kgFy2ZScuBcCVLOCKtiP/RAwfGyah2mzJofnvGOMBjaxJQ== jkim@wikimedia.org

Dwisehaupt added a comment.Apr 14 2020, 6:39 PM

@jkim_wikimedia That looks correct. I'll add it into the config. Will just need your new yubikey public side as the last bit.

jkim_wikimedia added a comment.Apr 14 2020, 6:41 PM

I believe it is: ccccccntbngj

Dwisehaupt added a comment.Apr 14 2020, 6:43 PM

New public key updated and pushed out.

[frack::puppet::private] d6e1722 Updated ssh public key for jkim
Dwisehaupt updated the task description. (Show Details)Apr 14 2020, 6:43 PM
Dwisehaupt added a comment.Apr 14 2020, 7:00 PM

@jkim_wikimedia Thanks. That looks correct. I've added it into config and pushed out the change. I'll follow up with an email about how to test your login.

[frack::puppet::private] b9a0194 Updated yubikey for jkim
Dwisehaupt updated the task description. (Show Details)Apr 14 2020, 7:01 PM
Dwisehaupt added a comment.Apr 14 2020, 9:22 PM

Verified access worked for ssh and mysql. All set.

Dwisehaupt closed this task as Resolved.Apr 14 2020, 9:22 PM
Dwisehaupt triaged this task as Medium priority.
Dwisehaupt updated the task description. (Show Details)
Dwisehaupt moved this task from In Progress to Done on the fundraising-tech-ops board.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL