Closed
Bug 1124623
Opened 9 years ago
Closed 9 years ago
figure out SSH access strategy for AWS nodes
Categories
(Socorro :: Infra, task)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: dmaher, Unassigned)
There must be a way to log into the AWS nodes via SSH. This is a tricky question that involves a handful of different items. Questions we need to answer include, but are not limited to, the following:

Network:
* What port should SSHd run on?
* Should we allow access to the SSHd port from 0.0.0.0/0?
  * If no, how do we restrict access sanely?
    * Jumphosts?
    * VPN?
    * Some magic Amazon thing maybe? idk.

System:
* Do we permit root login? (haha, jk, of course not.)
* Users?
  * Just one user (i.e. "socorro")?
  * Accounts for everybody?
* SSH keys
  * If just one user, is there just one key?
  * If just one user, multiple keys?
* sudo
  * NOPASSWD or not?

We need to sort this out relatively quickly as it will become a blocker for rolling out actual infra.
Comment 1 (Reporter) • 9 years ago
Network:
* SSHd will run on some random port.
* Access will be allowed from any IP.

System:
* Just one user.
  * Most "cloud" versions of distros have a default user - we'll roll with that one.
* Multiple keys for said user.
* sudo with NOPASSWD is fine.
  * If an attacker can log in in the first place then there are other, larger considerations in the mix.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
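A small audit for the decisions recorded in Comment 1 plus the root-login remark in the description, added here as an example and not taken from the bug or from Socorro's tooling. The port number and account name in the sample are constructed placeholders, and only the global section of sshd_config (before any Match block) is read.

```python
import shlex

# Constructed sample: a global sshd_config section matching the decisions in
# Comment 1. Port 22022 and the user "cloud-user" are placeholders.
SAMPLE_CONFIG = """\
# constructed example, not the real Socorro config
Port 22022
PermitRootLogin no
AllowUsers cloud-user
# the next line is ignored: sshd keeps the first value it reads
permitrootlogin yes
Match Address 10.0.0.0/8
    PermitRootLogin yes
"""

MULTI_VALUE = {"port", "allowusers"}  # keywords that may repeat and add up


def parse_global(text):
    """Return {keyword: [values]} for the global section (before any Match)."""
    settings = {}
    for raw in text.splitlines():
        tokens = shlex.split(raw, comments=True)
        if not tokens:
            continue
        key, values = tokens[0].lower(), tokens[1:]  # keywords ignore case
        if key == "match":
            break  # Match blocks are conditional overrides; out of scope here
        if key in MULTI_VALUE:
            settings.setdefault(key, []).extend(values)
        elif key not in settings:
            settings[key] = values  # first occurrence wins
    return settings


def audit(text):
    """List deviations from the policy in the bug; empty means compliant."""
    cfg = parse_global(text)
    findings = []
    if "22" in cfg.get("port", ["22"]):
        findings.append("sshd listens on the default port 22")
    if cfg.get("permitrootlogin", ["unset"]) != ["no"]:
        findings.append("PermitRootLogin is not explicitly 'no'")
    if len(cfg.get("allowusers", [])) != 1:
        findings.append("AllowUsers does not name exactly one account")
    return findings
```
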
Comment 2 (Reporter) • 9 years ago
A note on configuring OpenSSH: https://wiki.mozilla.org/Security/Guidelines/OpenSSH