meta/architecture-docs/2025-03-31-ssh-strategy.md

ssh access strategy

some notes on our current status, challenges and ways to address these

questions

  • which keys do we accept on which users on which machines (infra/test)?
  • when deploying (with nixops or tf; to infra or test machines; standalone, from a local panel, or from a deployed panel), which user and key do we pass?

background

  • manual setup @niols
    • sync machines' /etc/ssh/ssh_host_ed25519_key.pub to:
      • infra/test-machines/testxx/ssh_host_ed25519_key (test machines)
      • keys/systems/fedixxx.pub (infra)
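The host public keys synced above are only worth syncing if something consumes them. As an added example (not the project's own configuration), this NixOS module pins them on an operator's machine so that a deploy refuses an unknown or changed host key instead of trusting it on first use. The hostnames (`test01.example.org`, `fedi201.example.org`), the attribute names and the relative paths are assumptions.

```nix
# Added example, not the project's own module: consume the host public keys that
# the manual setup step syncs into the repo by pinning them on the operator's
# machine. Hostnames, attribute names and relative paths are assumptions.
{ ... }:
{
  programs.ssh.knownHosts = {
    # test machine: file holds the contents of /etc/ssh/ssh_host_ed25519_key.pub
    test01 = {
      hostNames = [ "test01.example.org" ];
      publicKeyFile = ../../infra/test-machines/test01/ssh_host_ed25519_key;
    };
    # infra machine: same key, stored under keys/systems/
    fedi201 = {
      hostNames = [ "fedi201.example.org" ];
      publicKeyFile = ../../keys/systems/fedi201.pub;
    };
  };
  # Fail closed: with the keys pinned there is no reason to ever prompt.
  programs.ssh.extraConfig = ''
    StrictHostKeyChecking yes
  '';
}
```

Before committing a synced key, compare fingerprints out of band: `ssh-keygen -lf infra/test-machines/test01/ssh_host_ed25519_key` on the operator side against `ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub` run on the machine's console, so a key copied over a connection that was itself unverified does not get pinned blindly.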

challenges

  • TF breaking non-root SSH access (/etc/ssh/authorized_keys.d absent on the target)
  • TF not having a clear SSH strategy for production
    • machine key? how to select the right user/key? how does nixops handle this?
  • no clear SSH strategy for testing the panel locally with password-protected SSH keys

strategy

which keys to accept on which users on which machines

  • fedixxx/test0x
    • root
      • fediversity team's individual keys
    • personal
      • personal (protected)
  • test0x only: a passwordless wheel account (personal accounts? root too?) should additionally accept an unprotected ssh key (a personal one?)
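The matrix above, expressed as a NixOS module, as an added example that is not the project's own configuration. The key material, the user name `alice`, the account name `deploy` and the option `fediversity.isTestMachine` are assumptions; the assertion at the end is the check a practitioner would want, refusing to build a non-test machine that would accept the unprotected key anywhere.

```nix
# Added example, not the project's own configuration: "which keys on which users
# on which machines" as a NixOS module. Key material, the user `alice`, the
# account `deploy` and the option `fediversity.isTestMachine` are assumptions.
{ config, lib, ... }:
let
  cfg = config.fediversity;
  # Fediversity team members' individual, passphrase-protected keys (placeholders).
  teamKeys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI...alice alice@laptop"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI...bob bob@laptop"
  ];
  # Unprotected key for agent-less local runs; acceptable on test0x only.
  testKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI...test test-deploy";
  usesTestKey = u: builtins.elem testKey u.openssh.authorizedKeys.keys;
in
{
  options.fediversity.isTestMachine =
    lib.mkEnableOption "test0x rules (unprotected key, passwordless wheel)";

  config = {
    services.openssh = {
      enable = true;
      settings = {
        PasswordAuthentication = false;
        KbdInteractiveAuthentication = false;
        PermitRootLogin = "prohibit-password";  # keys only, never a password
      };
    };

    # NixOS writes users.users.<name>.openssh.authorizedKeys.keys to
    # /etc/ssh/authorized_keys.d/<name>, which sshd reads via AuthorizedKeysFile.
    # A deploy that leaves that directory absent is the non-root access
    # breakage listed under challenges.
    users.users.root.openssh.authorizedKeys.keys = teamKeys;

    # personal account: that person's own (protected) key only
    users.users.alice = {
      isNormalUser = true;
      extraGroups = [ "wheel" ];
      openssh.authorizedKeys.keys = [ (builtins.head teamKeys) ];
    };

    # test0x only: passwordless wheel account that also accepts the unprotected key
    users.users.deploy = lib.mkIf cfg.isTestMachine {
      isNormalUser = true;
      extraGroups = [ "wheel" ];
      openssh.authorizedKeys.keys = [ testKey ];
    };
    security.sudo.wheelNeedsPassword = !cfg.isTestMachine;

    # Refuse to build an infra machine that would accept the unprotected key on any user.
    assertions = [{
      assertion = cfg.isTestMachine
        || !(lib.any usesTestKey (lib.attrValues config.users.users));
      message = "the unprotected test key must not be authorized on a non-test machine";
    }];
  };
}
```

Setting `fediversity.isTestMachine = true;` in a test0x host's configuration enables the `deploy` account and passwordless sudo; on fedixxx hosts the option stays off and the assertion fails the evaluation if the unprotected key ever ends up in a key list there.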

how to use SSH on deployment

user

(note that the desired columns are scoped to #76, so e.g. security considerations are out of scope.)

| context | current | desired | note |
| --- | --- | --- | --- |
| nixops infra | root | root | |
| nixops local | root | root | |
| nixops panel local | root | root | protected? |
| nixops panel deployed | root | root | |
| tf local | personal (hard-coded) | root | |
| tf panel local | personal (hard-coded) | root | protected? |
| tf panel deployed | personal (hard-coded) | root | |
| tf infra | root | root | |

key

| context | current | desired |
| --- | --- | --- |
| nixops infra | personal (thru ssh agent) | (protected) personal key |
| nixops local | personal (thru ssh agent) | personal |
| nixops panel local | personal (thru ssh agent, failed to handle password protection) | (unprotected) personal key |
| nixops panel deployed | machine key (thru ssh agent) | machine key |
| tf local | personal (thru ssh agent, password can be passed explicitly) | personal (unprotected, or if protected by passing the password explicitly) |
| tf panel local | personal (thru ssh agent, password can be passed explicitly) | personal (unprotected, or if protected by passing the password explicitly) |
| tf panel deployed | machine key (thru ssh agent) | machine key |
| tf infra | n/a | (protected) personal key (with password propagated, somehow) |

outcomes

added sub-tasks to:

  • #272
  • #76
  • #274