...

This Ansible automation is only available to sudo users.

To Add a New User

  1. SSH to each SSH node that you’d like to grant access to (this needs to be run separately on each HGX).

...

2. Escalate to root with sudo su -, then cd to /root/sail-hgx/ansible/

...

After you run this, the SSH configuration will be the same on both servers.

Sending users' SSH keys

There is an Ansible playbook, wrapped by a bash script, that makes this process a lot easier.

Info

You will need to have set up an account at https://onetimesecret.com/account to support this process.

  1. SSH to the HGX1 (hgx1.sail.cloud.nesi.nz) node

  2. Escalate to root with sudo su - and cd to /root/sail-hgx/ansible/

    1. There is a one-time edit that needs to be made to the file send_ssh_key.sh: the following 2 variables need to be updated with your API key and username from https://onetimesecret.com/account

      1. API_USERNAME is your OneTimeSecret username

      2. API_KEY is the value from under the accounts section of OneTimeSecret

  3. Run send_ssh_key.sh and answer the on-screen prompts for the user and the user's email

    ./send_ssh_key.sh 
    Enter the user that you want the ssh private key for:
    kahu
    
    Enter the users email to send the private key too:
    kahu.anderson@nesi.org.nz
    
    User : kahu
    Users Email : kahu.anderson@nesi.org.nz
    Are these values correct ? (y/n): y
    Running ansible-playbook ansible/send-user-key.yml -e 'user=kahu' -e 'user_email=kahu.anderson@nesi.org.nz'
    [WARNING]: No inventory was parsed, only implicit localhost is available
    [WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
    
    PLAY [Test API] ***************************************************************************************************************
    
    TASK [Create a OneTimeSecret for kahu and email kahu.anderson@nesi.org.nz] ****************************************************
    ok: [localhost]
    
    PLAY RECAP ********************************************************************************************************************
    localhost                  : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
    
  4. The user should receive an email with a link to the secret that contains their SSH private key

The secret will last for 24 hours and then it will be burnt; the first viewing of the secret will also cause it to be burnt.

You can also copy the contents of /home/NEWUSER/.ssh/id_rsa for the new user you created and send that to the user manually.
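
A sketch of what a playbook for the OneTimeSecret step can look like, added here as an example; it is not the contents of ansible/send-user-key.yml. It assumes the OneTimeSecret v1 share endpoint, the hypothetical variables ots_api_username and ots_api_key read from hypothetical OTS_API_USERNAME and OTS_API_KEY environment variables, and the user and user_email extra vars shown in the output above.

```yaml
# Added illustration: NOT the contents of ansible/send-user-key.yml.
# Assumed names: ots_api_username / ots_api_key (mirroring API_USERNAME / API_KEY)
# and the OTS_* environment variables they are read from.
- name: Share a user's SSH private key through OneTimeSecret
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    ots_api_username: "{{ lookup('ansible.builtin.env', 'OTS_API_USERNAME') }}"
    ots_api_key: "{{ lookup('ansible.builtin.env', 'OTS_API_KEY') }}"
    key_path: "/home/{{ user }}/.ssh/id_rsa"
  tasks:
    # Fail early instead of posting a malformed request to the API.
    - name: Refuse to run without both extra vars and both credentials
      ansible.builtin.assert:
        that:
          - user is defined and user is match('^[a-z_][a-z0-9_-]*$')
          - user_email is defined and user_email is match('^[^@ ]+@[^@ ]+$')
          - ots_api_username | length > 0
          - ots_api_key | length > 0
        quiet: true

    # slurp returns the file base64-encoded; no_log keeps it out of task output.
    - name: Read the private key
      ansible.builtin.slurp:
        src: "{{ key_path }}"
      register: key_file
      no_log: true

    # ttl is in seconds: 86400 matches the 24-hour lifetime described above.
    # recipient makes OneTimeSecret email the link; it requires an account.
    - name: Create the secret and have OneTimeSecret email the link
      ansible.builtin.uri:
        url: https://onetimesecret.com/api/v1/share
        method: POST
        url_username: "{{ ots_api_username }}"
        url_password: "{{ ots_api_key }}"
        force_basic_auth: true
        body_format: form-urlencoded
        body:
          secret: "{{ key_file.content | b64decode }}"
          ttl: "86400"
          recipient: "{{ user_email }}"
        status_code: 200
      no_log: true
```

With no_log set on both tasks, neither the private key nor the API key appears in the playbook output or in Ansible logs, even at higher verbosity.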