SSH Access to VMs

Comments (6)

1. 

   Andrew Savchenko

   Using public SSH keys from LDAP should be the most convenient way for developers, though I don't know if it will be easy to implement.

   • 2017-01-01T17:05:19+00:00
2. 

   Doug Freed reporter

   Only Gentoo infra has access to Gentoo LDAP, and this won't be running on Gentoo infra for now (I could ask for an exception, but I don't know if it'll be allowed). There'll be a page where you can set your SSH keys for access into the VMs.

   • 2017-01-01T20:41:15+00:00
3. 

   Andrew Savchenko

   Each developer has read access to sshPublicKey field of other developers, so you can fetch pubkeys using your own account on a regular basis (e.g. daily) or ask infra for a special purpose account.

   • 2017-01-02T10:00:49+00:00
4. 

   m

   As a user, I'd like to be able to offer a VM on my workstation for a tinderbox cluster node. If that were possible, I don't think any devs would want to trust the security of such an environment with authentication credentials. So if a tinderbox cluster node were to be a thing, the security of its connection to Gentoo LDAP (if such a thing were present) should be considered.

   • 2017-01-02T15:12:37+00:00
5. 

   Doug Freed reporter

   This may surprise you, but I'm not a Gentoo developer. The larger issue, though, is that Gentoo LDAP servers do not allow connections from machines not run by the Gentoo Infra team, so I can't query LDAP at all from a machine that isn't blessed. Thus, requiring people to provide their SSH public keys on the web interface to be able to log into the VMs is the only viable method.

   • 2017-01-02T16:59:10+00:00
6. 

   Andrew Savchenko

   This may surprise you, but I'm not a Gentoo developer

   Ah, sorry, I missed that, even more thanks for your work :) I have no further objections.

   • 2017-01-02T22:38:14+00:00
7. Log in to comment