Page MenuHomePhabricator
Create Task
Maniphest T409279

Update to FIDO backed production SSH key for btullis
Closed, ResolvedPublicRequest
Actions

Description

As per these instructions: https://wikitech.wikimedia.org/wiki/Yubikey-SSH-FIDO#Instructions

I have generated a new SSH key for myself, backed by my Yubikey 5 NFC (Firmware version: 5.2.7)

I'll add this new key and then remove the classic key as a second step.

New public key:

sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBHFN1sWcajd9cxr4KDxjDvBYxgyuSvz13W0uer7L1pnlrd5LTKGfsQDRoYgsNlVgMlVkXk6kMWGt+Zt4dokHhdQAAAAEc3NoOg== Yubikey-5-NFC-btullis

Note that I was unable to use an ed25519-sk, presumably because the firmware of my yubikey is too old.

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
admin: btullis: remove old ssh keyoperations/puppetproduction+0 -1
Add a FIDO backed SSH key for btullisoperations/puppetproduction+1 -0
Customize query in gerrit

Event Timeline

BTullis created this task.Nov 5 2025, 11:37 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 5 2025, 11:37 AM
gerritbot added a comment.Nov 5 2025, 11:45 AM

Change #1202100 had a related patch set uploaded (by Btullis; author: Btullis):

[operations/puppet@production] Add a FIDO backed SSH key for btullis

https://gerrit.wikimedia.org/r/1202100

gerritbot added a project: Patch-For-Review.Nov 5 2025, 11:45 AM
gerritbot added a comment.Nov 5 2025, 11:59 AM

Change #1202100 merged by Btullis:

[operations/puppet@production] Add a FIDO backed SSH key for btullis

https://gerrit.wikimedia.org/r/1202100

Maintenance_bot removed a project: Patch-For-Review.Nov 5 2025, 12:31 PM
Dzahn moved this task from Untriaged to Awaiting User Input on the SRE-Access-Requests board.Nov 5 2025, 5:52 PM
gerritbot added a comment.Nov 10 2025, 5:10 PM

Change #1203495 had a related patch set uploaded (by CDanis; author: CDanis):

[operations/puppet@production] admin: btullis: remove old ssh key

https://gerrit.wikimedia.org/r/1203495

gerritbot added a project: Patch-For-Review.Nov 10 2025, 5:10 PM
Dzahn changed the task status from Open to In Progress.Nov 14 2025, 4:17 PM
Dzahn moved this task from Awaiting User Input to Patch in Review on the SRE-Access-Requests board.
gerritbot added a comment.Nov 14 2025, 6:34 PM

Change #1203495 merged by Dzahn:

[operations/puppet@production] admin: btullis: remove old ssh key

https://gerrit.wikimedia.org/r/1203495

Dzahn subscribed.Nov 14 2025, 6:41 PM

@BTullis Deployed the change to remove your old key and forced puppet run on bastion hosts. If you can still login this should be resolved.

Maintenance_bot removed a project: Patch-For-Review.Nov 14 2025, 7:30 PM
Dzahn moved this task from Patch in Review to Ready To Go on the SRE-Access-Requests board.Nov 14 2025, 7:49 PM
Volans moved this task from Ready To Go to Awaiting User Input on the SRE-Access-Requests board.Mon, Nov 17, 1:46 PM
Volans subscribed.Tue, Nov 18, 11:16 AM

@BTullis can you confirm all is working fine and we can resolve this task?

BTullis added a comment.Tue, Nov 18, 2:55 PM

Yes, thanks. All good with my new key.

BTullis closed this task as Resolved.Tue, Nov 18, 2:55 PM
BTullis claimed this task.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits