# ssh access strategy

some notes on our current status, challenges and ways to address these

## questions

- [x] which keys do we accept on which users on which machines (infra/test)?
- [x] when deploying (by nixops/tf, machines infra/test, separate/local/deployed), which user and key do we pass?

## background

- manual setup @niols
- sync machines' `/etc/ssh/ssh_host_ed25519_key.pub` to:
  - `infra/test-machines/testxx/ssh_host_ed25519_key` (test machines)
  - `keys/systems/fedixxx.pub` (infra)

## challenges

- TF messing up non-root SSH access (`/etc/ssh/authorized_keys.d` absent)
- TF not having a clear SSH strategy for production
  - machine key? how to select the right user/key? how does nixops handle this?
- testing the panel locally not having a clear SSH strategy with password-protected SSH keys

## strategy

### which keys to accept on which users on which machines

- fedixxx/test0x
  - root
    - fediversity team's individual keys
      - personal
      - personal (protected)
  - test0x: a passwordless wheel account (personal accounts? root too?) should also allow an unprotected ssh key (personal?)

### how to use SSH on deployment

#### user

(note that the `desired` columns are scoped to #76, so e.g. security considerations are out of scope here.)

| context | current | desired |
|-|-|-|
| nixops infra | root | root |
| nixops local | root | root |
| nixops panel local (protected?) | root | root |
| nixops panel deployed | root | root |
| tf local | personal (hard-coded) | root |
| tf panel local (protected?) | personal (hard-coded) | root |
| tf panel deployed | personal (hard-coded) | root |
| tf infra | root | root |

#### key

| context | current | desired |
|-|-|-|
| nixops infra | personal (through ssh agent) | (protected) personal key |
| nixops local | personal (through ssh agent) | personal |
| nixops panel local | personal (through ssh agent; failed to handle password protection) | (unprotected) personal key |
| nixops panel deployed | machine key (through ssh agent) | machine key |
| tf local | personal (through ssh agent; password can be passed explicitly) | personal (unprotected, or if protected by passing the password explicitly) |
| tf panel local | personal (through ssh agent; password can be passed explicitly) | personal (unprotected, or if protected by passing the password explicitly) |
| tf panel deployed | machine key (through ssh agent) | machine key |
| tf infra | n/a | (protected) personal key (with password propagated, somehow) |

## outcomes

added sub-tasks to:

- #272
- #76
- #274
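as an added illustration (not the project's own configuration), the key-acceptance strategy above expressed as a NixOS module: root on all machines accepts the team's protected personal keys plus the panel's machine key, and test machines additionally get a passwordless wheel account that accepts the team's unprotected personal keys. the user name `deploy`, the key strings and the `isTestMachine` hostname test are placeholders/assumptions. two points worth keeping in mind: whether a private key is passphrase-protected is invisible to the server, so "protected" and "unprotected" here have to be distinct key pairs and the policy is enforced by which public half is listed; and NixOS materialises `users.users.<name>.openssh.authorizedKeys.keys` as `/etc/ssh/authorized_keys.d/<name>` (read via `AuthorizedKeysFile`), which is why a provisioning path that skips this part of the configuration leaves non-root logins without keys (the `/etc/ssh/authorized_keys.d` absent challenge above).

```nix
# Added example, not the project's own module. Placeholder key strings,
# user name and hostname test are assumptions.
{ config, lib, ... }:

let
  # One protected and one unprotected key pair per team member; only the
  # public half is listed, and the server cannot tell them apart, so the
  # split must be enforced by listing the right one per user/machine.
  teamKeys = {
    alice = {
      protected   = "ssh-ed25519 AAAA...alice-protected";   # placeholder
      unprotected = "ssh-ed25519 AAAA...alice-unprotected"; # placeholder
    };
  };

  # Host key of the machine running the deployed panel, so that the
  # "machine key" deployment rows above can reach root. Placeholder.
  panelHostKey = "ssh-ed25519 AAAA...panel-host";

  # Assumption: test machines are named test0x, infra machines fedixxx.
  isTestMachine = lib.hasPrefix "test" config.networking.hostName;
in
{
  config = lib.mkMerge [
    {
      services.openssh = {
        enable = true;
        settings = {
          PasswordAuthentication = false;
          KbdInteractiveAuthentication = false;
          # root is reachable with keys only, never with a password
          PermitRootLogin = "prohibit-password";
        };
      };

      # root on fedixxx and test0x: the team's protected personal keys
      # plus the panel's machine key.
      users.users.root.openssh.authorizedKeys.keys =
        (map (k: k.protected) (lib.attrValues teamKeys)) ++ [ panelHostKey ];
    }

    # test0x only: passwordless wheel account accepting unprotected keys,
    # for local panel testing where the agent cannot unlock a key.
    (lib.mkIf isTestMachine {
      users.users.deploy = {
        isNormalUser = true;
        extraGroups = [ "wheel" ];
        # ends up in /etc/ssh/authorized_keys.d/deploy
        openssh.authorizedKeys.keys =
          map (k: k.unprotected) (lib.attrValues teamKeys);
      };
      security.sudo.wheelNeedsPassword = false;
    })
  ];
}
```

usage: import the module into each machine's configuration; on an infra machine only the root block is active, on a test machine the `deploy` account and `wheelNeedsPassword = false` are added as well. a quick check after deployment is `cat /etc/ssh/authorized_keys.d/deploy` on a test machine: if the file is missing, the deployment path skipped the NixOS configuration and non-root SSH will fail exactly as described in the challenges.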