Re: [tor-bugs] #33868 [Internal Services/Tor Sysadmin Team]: fabric (incorrectly) assumes User root ssh_config
#33868: fabric (incorrectly) assumes User root ssh_config
-------------------------------------------------+-------------------------
  Reporter:  anarcat                             |          Owner:  anarcat
      Type:  defect                              |         Status:  closed
  Priority:  Low                                 |      Milestone:
 Component:  Internal Services/Tor Sysadmin Team |        Version:
  Severity:  Major                               |     Resolution:  fixed
  Keywords:                                      |  Actual Points:
 Parent ID:                                      |         Points:
  Reviewer:                                      |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by anarcat):
* status: accepted => closed
* resolution: => fixed
Comment:
I have set `user = 'root'` in `tsa_misc/fabric.py` but because Fabric's
~/.ssh/config support *overrides* the configuration set there, it was
still not working for some specific hosts where I had `User anarcat` set.
The workaround I used there was to change the `purpose` field of
`pauli.torproject.org` to `puppet.torproject.org`. This, in turn, added
`puppet.torproject.org` to the `ssh_known_hosts` file generated by ud-ldap
and distributed everywhere. So now I can have this `~/.ssh/config`
configuration:
{{{
# interact as a normal user with Puppet and LDAP servers by default
Host puppet.torproject.org db.torproject.org
    User anarcat
Host *.torproject.org
    UserKnownHostsFile ~/.ssh/known_hosts.torproject.org
    User root
    VerifyHostKeyDNS ask
# use jump host if the network is not in the trusted whitelist
Match host *.torproject.org, !host perdulce.torproject.org, exec "! trusted-network"
    ProxyJump anarcat@xxxxxxxxxxxxxxxxxxxxxxx
}}}
and connecting to (say) `pauli.torproject.org` will still log in as `root`.
I have still hardcoded the `root@` account for `puppet.torproject.org` in
the source code defaults for that reason.
I think this should be good enough for now.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33868#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
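
An added example, not part of the original message or of `tsa_misc`: a minimal first-match-wins resolver for `Host` blocks, run over a constructed copy of the configuration above, showing why `pauli.torproject.org` resolves to `root` while the Puppet and LDAP servers keep `User anarcat`. `effective_user` and `code_default` are hypothetical names that model the override behaviour the comment reports; `Match` blocks are not evaluated.

```python
import fnmatch

# Constructed copy of the Host blocks from the comment (Match/ProxyJump omitted).
SAMPLE_CONFIG = """\
# interact as a normal user with Puppet and LDAP servers by default
Host puppet.torproject.org db.torproject.org
    User anarcat
Host *.torproject.org
    UserKnownHostsFile ~/.ssh/known_hosts.torproject.org
    User root
    VerifyHostKeyDNS ask
"""

def host_matches(patterns, hostname):
    """A matching negated pattern vetoes the block; otherwise one positive match is needed."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(hostname, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(hostname, pat):
            matched = True
    return matched

def resolve(config_text, hostname):
    """Return the options that apply to hostname; the first value seen for a keyword wins."""
    options = {}
    active = True  # lines before the first Host block apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "host":
            active = host_matches(value.split(), hostname)
        elif keyword == "match":
            active = False  # simplification: Match criteria (exec etc.) are skipped
        elif active:
            options.setdefault(keyword, value)  # later blocks cannot override
    return options

def effective_user(hostname, code_default="root", config_text=SAMPLE_CONFIG):
    """Assumption from the comment: a User found in ssh_config beats the default set in code."""
    return resolve(config_text, hostname).get("user", code_default)
```

Block order matters: moving the `Host *.torproject.org` block above the specific one would make `User root` win for `puppet.torproject.org` and `db.torproject.org` as well.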