[Labs-l] How to add an SSH Service Account
Matthew Walker
mwalker at wikimedia.org
Sun Mar 3 06:36:34 UTC 2013
Hey All,
What I'm looking at is I have files on aluminium.wikimedia.org that I need
to move to my labs instance. The connection must be outbound from Al into
labs. My instance has a public IP and I can access it from outside with my
labs account. The trouble occurs when I tried to be all fancy and secure
and set up a service account on my labs instance so that I could SCP the
files from al to labs without using my own full privilege account.
So, I create a new user al_data_agent, generate an ssh key, put the key in
/etc/ssh/userkeys/al_data_agent/.ssh/authorized_keys, set appropriate
permissions on that path, and add an appropriate line to
/etc/security/access.conf. Whoo!
... but this all only lasts as long as the next puppet run. So! What is the
correct way to do what I'm trying to do?
~Matt Walker
Wikimedia Foundation
Fundraising Technology Team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wikimedia.org/pipermail/labs-l/attachments/20130302/83d7491c/attachment.html>
More information about the Labs-l
mailing list