Hi,
I humbly request that:
My current production SSH key(s) are removed; and
The following SSH key is added
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH7N+9wSCC9MdjE0ZNA4qp09RLcDarwNYQgcZakDS44t sbailey@wikimedia.org
Subject | Repo | Branch | Lines +/-
---|---|---|---
admin: change sbailey ssh key | operations/puppet | production | +1 -1
admin: update user sbailey ssh key | operations/puppet | production | +1 -1
Change 631259 had a related patch set uploaded (by Herron; owner: Herron):
[operations/puppet@production] admin: change sbailey ssh key
Hi @Sbailey as a security precaution, could you please use your existing shell access to upload the desired new ssh key onto one of the bastions (let's say bast1002) as a file in your home directory called sbailey_new_ssh_key? Once done and confirmed we'll be ready to move forward with the above patch. Thanks in advance!
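The check behind the request above, as an added example that is not part of the original thread or of Wikimedia's tooling: once a file has been uploaded over the requester's existing access, the reviewer confirms it contains the same key that was posted in the task, ignoring the comment field. The function names and the all-zero comparison key are constructed for illustration.

```python
import base64
import hashlib
import struct

# Key line exactly as posted in the task description.
REQUESTED = ("ssh-ed25519 "
             "AAAAC3NzaC1lZDI1NTE5AAAAIH7N+9wSCC9MdjE0ZNA4qp09RLcDarwNYQgcZakDS44t "
             "sbailey@wikimedia.org")

# Constructed sample: a well-formed blob with an all-zero key, used as a mismatch.
_zero_blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)
OTHER_KEY_LINE = "ssh-ed25519 " + base64.b64encode(_zero_blob).decode() + " constructed@example"

def _read_string(blob, offset):
    """Read one length-prefixed string in SSH wire format (RFC 4251)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated string")
    return blob[offset + 4:end], end

def parse_ed25519_line(line):
    """Return (blob, raw 32-byte key, comment) from a .pub-style line."""
    fields = line.strip().split(None, 2)
    if len(fields) < 2 or fields[0] != "ssh-ed25519":
        raise ValueError("not an ssh-ed25519 public key line")
    blob = base64.b64decode(fields[1], validate=True)
    inner_type, pos = _read_string(blob, 0)
    key, pos = _read_string(blob, pos)
    # The type inside the blob must match the text prefix, with no trailing bytes.
    if inner_type != b"ssh-ed25519" or len(key) != 32 or pos != len(blob):
        raise ValueError("malformed ssh-ed25519 blob")
    return blob, key, fields[2] if len(fields) == 3 else ""

def fingerprint(line):
    """SHA256 fingerprint in the form printed by `ssh-keygen -l`."""
    blob, _, _ = parse_ed25519_line(line)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def same_key(requested_line, uploaded_line):
    """True when both lines carry the same key material; comments may differ."""
    return parse_ed25519_line(requested_line)[1] == parse_ed25519_line(uploaded_line)[1]

if __name__ == "__main__":
    print(fingerprint(REQUESTED), same_key(REQUESTED, OTHER_KEY_LINE))
```

Comparing decoded key bytes rather than the raw text avoids false mismatches from a changed comment or trailing whitespace in the uploaded file.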
Ya, tried to do this, but do not have access. I might need to refresh my id_rsa.pub key as well. Not sure how this whole house of cards hangs together:
wmf1287:.ssh shannonbailey$ scp wikimedia_prod.pub sbailey@bast1002.eqiad.wmnet:sbailey_new_ssh_key
Password:
Password:
Password:
sbailey@bast2002.wikimedia.org: Permission denied (publickey,keyboard-interactive).
ssh_exchange_identification: Connection closed by remote host
lost connection
Is there another host in production where you have working access? Placing a file there would work too, just let me know where to check. Otherwise we can figure out another method. Thanks!
@Sbailey Note the right way to connect to bast1002 is ssh bast1002.wikimedia.org. That seems to be the reason why it failed for you. Everyone with any kind of prod SSH access has access to bast1002 AFAIK :).
I cannot access bast1002 using ssh bast1002.wikimedia.org
Keeps asking for Password: which I do not have.
I recommend checking your ssh config - it is probably missing the IdentityFile directive you have for *.wmnet. Or, ssh -i /path/to/your/current/private/key bast1002.wikimedia.org should do the job.
Ok, there must be some other way to verify security. My previous SSH key is gone, I need a new one installed so I can log in to scandium somehow.
Change 632254 had a related patch set uploaded (by Herron; owner: Herron):
[operations/puppet@production] admin: update user sbailey ssh key
Change 632254 merged by Herron:
[operations/puppet@production] admin: update user sbailey ssh key
Hi @Sbailey, the updated SSH key has been deployed to servers by now. Please re-open if any follow-up is needed. Thanks!
Change 631259 abandoned by Herron:
[operations/puppet@production] admin: change sbailey ssh key
Reason:
handled in different patch