You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
is there any reason why -o PubkeyAuthentication=no is used in https://github.com/dmwm/deployment/blob/master/admin/InstallDev#L71 ? We (DBS 3) have set-up an environment, that allows us to install dbs3 vms running under the dbs3 service account without knowing the password by using public keys. Unfortunately, that is not working anymore. Do you think we can remove that option again, at least for the InstallDev?
Thanks,
Manuel
The text was updated successfully, but these errors were encountered:
When you need to run ProxySeed to upload credentials to myproxy, it needs to have access to the usercert/key.pem. Since the user home where these files are found is on his home on AFS, we want to make sure the ssh initializes the session with a kerberos token and afs ticket, that's why we disable the pubkey authentication.
Besides that, the userkey.pem is protected with a passphrase, so this part of the script really wants to bug the user for: getting a kerberos token and for unlocking his key.
So I don't think you can robotize this step without breaking a few security rules. What we could do is add an option to ignore if the proxy seed fails and them after-wards you drop the proxy there some other security approved way (i.e. you generate/renew it properly elsewhere a set a cronjob to copy the proxy to your devvm).
But can you remind me why DBS needs a proxy? is this DBSMigration accessing DBS3 APIs?
in our case the home directory of the service account is locally on the VM. I use fabric to deploy the VMs from my laptop. First the usercert/key.pem are copied to the VM and of course they are password protected, so I have to enter the password when installing the VM and this not a problem.
The problem is the service account password. I am not sure, if I am allowed to distribute the password to Yuyi for example. So we used public keys the enable password less login to the service account on the VMs and this is not working with -o PubkeyAuthentication=no.
DBS needs a proxy, because the migration service is accessing DBS3 APIs using pycurl.
Hi Diego, Alan,
is there any reason why -o PubkeyAuthentication=no is used in
https://github.com/dmwm/deployment/blob/master/admin/InstallDev#L71 ? We (DBS 3) have set-up an environment, that allows us to install dbs3 vms running under the dbs3 service account without knowing the password by using public keys. Unfortunately, that is not working anymore. Do you think we can remove that option again, at least for the InstallDev?
Thanks,
Manuel
The text was updated successfully, but these errors were encountered: