Fundraising/techops/docs/frack ssh access

From Wikitech

To access fundraising machines, you will need an ssh key, a specialized ssh config file, and a yubikey.

Access Request

Before any access can be granted, an access request needs to be opened in Phabricator with a fundraising-tech-ops tag on it. You can follow the procedure on the Fundraising Access Requests page.

This access request should include any specific hosts required and what type of access is needed (i.e. ssh access, database access, civi access).

Yubikey Activation

Once you have a yubikey, we need to collect the public side of it in order to authorize it in our systems.

You can obtain the ID by opening a text editor and then repeatedly pressing the button on the yubikey. You will notice there are 12 characters at the beginning of the output that don't change. Those 12 characters are the public side of the key that you will need to provide.

Once you have the public side, you can paste it into your access request ticket or ask fr-tech-ops how they would like you to provide it.
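The following is an added example (not part of the Wikitech page) that automates the "paste a few presses into a text editor and look for the 12 characters that never change" step: it checks that every pasted line is a well-formed YubiKey OTP, that all of them share the same 12-character prefix (so output from two keys was not mixed together), and returns that prefix as the public ID to put in the access request. The sample OTPs are constructed strings, not a real key's output.

```python
# Added example (not from the Wikitech page): derive the 12-character public ID
# of a YubiKey from a handful of OTPs pasted into a text editor. Each YubiKey
# OTP is 44 "modhex" characters; the first 12 identify the key and never change,
# the remaining 32 are the encrypted, changing part.
MODHEX_ALPHABET = "cbdefghijklnrtuv"
OTP_LENGTH = 44
PUBLIC_ID_LENGTH = 12


def is_modhex(s: str) -> bool:
    """True if every character is in the YubiKey modhex alphabet."""
    return len(s) > 0 and all(c in MODHEX_ALPHABET for c in s)


def yubikey_public_id(otps) -> str:
    """Return the public ID shared by all OTPs in `otps`.

    Raises ValueError if an OTP is malformed or the OTPs do not share a
    common 12-character prefix (e.g. output from two different keys was mixed).
    """
    cleaned = [otp.strip() for otp in otps if otp.strip()]
    if len(cleaned) < 2:
        raise ValueError("need at least two OTPs to confirm a stable prefix")
    for otp in cleaned:
        if len(otp) != OTP_LENGTH or not is_modhex(otp):
            raise ValueError(f"not a YubiKey OTP: {otp!r}")
    prefixes = {otp[:PUBLIC_ID_LENGTH] for otp in cleaned}
    if len(prefixes) != 1:
        raise ValueError(f"OTPs come from more than one key: {sorted(prefixes)}")
    # The changing part should actually change; identical OTPs suggest a paste error.
    suffixes = {otp[PUBLIC_ID_LENGTH:] for otp in cleaned}
    if len(suffixes) != len(cleaned):
        raise ValueError("repeated OTP seen; press the key again")
    return prefixes.pop()


# Constructed sample: what three presses might look like in a text editor.
# These are made-up strings, not a real key's output.
SAMPLE_EDITOR_OUTPUT = """\
ccccccbcdefgtrjhlnvkurjifcldkdhelfvuvlirtbel
ccccccbcdefgfeirhicdkibtiihgldkhvrjnltuetiru
ccccccbcdefgnkgdrkehftjltlgunbeucefcrvhcijvd
"""

if __name__ == "__main__":
    print(yubikey_public_id(SAMPLE_EDITOR_OUTPUT.splitlines()))
```

Run it with the editor contents saved to a file and passed via `sys.stdin` or a file handle instead of `SAMPLE_EDITOR_OUTPUT`; a ValueError means the pasted text is not clean OTP output and should not be sent on as the key's ID.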

SSH

Generating your SSH key

First, you'll have to generate a new SSH keypair -- do not reuse an existing key which has been used anywhere else. GitHub has a good help page (note that you can switch between Mac, Windows, and Linux documentation right under the title).

To generate an Ed25519 (EdDSA) key, run the following commands:

  1. Open Terminal
  2. Paste the text below, substituting your Wikimedia email address:
    ssh-keygen -t ed25519 -C "your_email@wikimedia.org"

  3. When you're prompted to "Enter a file in which to save the key," type /Users/your_username/.ssh/fr_id_ed25519 and press Enter. Make sure to substitute "your_username" with the username on your local machine. This gives the key a fundraising-specific name.
    > Enter a file in which to save the key (/Users/your_username/.ssh/id_ed25519): /Users/your_username/.ssh/fr_id_ed25519

  4. At the prompt, type a secure passphrase.
    > Enter passphrase (empty for no passphrase): [Type a passphrase]
    > Enter same passphrase again: [Type passphrase again]

Once your new SSH key is set up, you will need to provide the contents of that file to fundraising-tech-ops so they can get it where it needs to go. You can get the contents by using the following command in a Terminal window:

cat ~/.ssh/fr_id_ed25519.pub

SSH Config file

Make a new config file in your ssh directory (this command will have no output):

touch ~/.ssh/config

Open the file in your preferred text editor:

open -a TextEdit ~/.ssh/config

Then update the file with a base ssh config. The canonical place for fundraising ssh config files is the Fundraising ssh client config page. Here is an example config that could be used, but it is best to reference that page for the latest updates.

Make sure you update "user_name" with your username on the remote fundraising servers (get the most up-to-date server list from the team).

IdentitiesOnly yes
AddressFamily inet

Host *
    UseRoaming no

## Fundraising

Host frbast.wikimedia.org frbast-eqiad.wikimedia.org frbast-codfw.wikimedia.org
    User user_name
    HostKeyAlias frbast
    IdentityFile ~/.ssh/fr_id_ed25519

Host frdev*
    User user_name
    IdentityFile ~/.ssh/fr_id_ed25519
    ProxyCommand /usr/bin/ssh -q -W %h:%p frbast.wikimedia.org
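To see what the config above actually does for a given hostname, here is an added example (not from the Wikitech page) of a small ssh_config resolver. It implements the two rules that matter for this file: Host patterns are shell-style globs, and for each keyword the first matching value wins, so the per-host blocks must come before any catch-all. It is a deliberately limited model of ssh(1): no Match, Include, or %-token expansion. The username jdoe stands in for user_name and is a constructed value.

```python
# Added example (not from the Wikitech page): resolve the effective ssh options
# for a hostname from the fundraising ssh config, the way ssh(1) does.
import fnmatch

# The config from the page, with a constructed username substituted for user_name.
FR_SSH_CONFIG = """\
IdentitiesOnly yes
AddressFamily inet

Host *
    UseRoaming no

## Fundraising

Host frbast.wikimedia.org frbast-eqiad.wikimedia.org frbast-codfw.wikimedia.org
    User jdoe
    HostKeyAlias frbast
    IdentityFile ~/.ssh/fr_id_ed25519

Host frdev*
    User jdoe
    IdentityFile ~/.ssh/fr_id_ed25519
    ProxyCommand /usr/bin/ssh -q -W %h:%p frbast.wikimedia.org
"""


def parse_ssh_config(text):
    """Return a list of (patterns, options) blocks in file order.

    Options before the first Host line are global (patterns == ["*"]).
    Keyword names are lower-cased because ssh_config keywords are case-insensitive.
    """
    blocks = [(["*"], [])]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "host":
            blocks.append((value.split(), []))
        else:
            blocks[-1][1].append((key, value))
    return blocks


def host_matches(patterns, hostname):
    """ssh_config Host matching: some positive glob matches and no negated one does."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(hostname, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(hostname, pat):
            matched = True
    return matched


def resolve(text, hostname):
    """Effective options for `hostname`: the first value seen for each keyword wins."""
    effective = {}
    for patterns, options in parse_ssh_config(text):
        if not host_matches(patterns, hostname):
            continue
        for key, value in options:
            effective.setdefault(key, value)
    return effective


if __name__ == "__main__":
    for host in ("frbast.wikimedia.org", "frdev1002.frack.eqiad.wmnet", "example.org"):
        print(host, resolve(FR_SSH_CONFIG, host))
```

For frdev1002.frack.eqiad.wmnet the resolver reports the fundraising identity plus the ProxyCommand through frbast; for the bastion itself it reports the HostKeyAlias and no proxy; for an unrelated host only the global settings apply, which is what IdentitiesOnly and the fundraising-only IdentityFile are meant to ensure.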

SSH Fingerprints

SSH fingerprints of host keys for WMF Fundraising Servers are below. These can be used to validate the authenticity of keys offered by hosts when attempting to connect for the first time or if the key has changed.

frbast.wikimedia.org
RSA     SHA256:ZocD0H0heNPFn/1HS1mh5KW6P2sNiUliFf7bxqBBkt8
DSA     SHA256:XCE7R8u8BqmBCDaZ9cxb1+EXKXydD5nrxfsyrgM6huE
ECDSA   SHA256:KFDL0dZ/YAKzQRw4oqVBPGELoLaNHBc3yyotcJ6rywM
ED25519 SHA256:+sEUb5c4ndyqMDDd2Prd4DDVbj/JIR6AxPH/gzfV5ZM

civi1002.frack.eqiad.wmnet
ECDSA   SHA256:52ZtCF87j+J9guzrVJemyhZ/2jTfPZgzQFc0F3Ov7WM
ED25519 SHA256:wm8Qz7xHCxKp+L4RLtu+GHD/XACtDx8Tpt5IjbFLS1k
RSA     SHA256://TTEhT1M4gcwYd9CrEKPhXzad3l+eYSKwSVVeFNI+c

fran1001.frack.eqiad.wmnet
RSA     SHA256:HQMIvf4lxL9YUBm80XeiP4V5VDccIxmT0R5T6AAG1KM
ECDSA   SHA256:1K3jEYCUAOmZb5t4jk03ogsvC9w8zu3ZHO1NdGgUcOY
ED25519 SHA256:+T7FgbWZ2tbSYTq83c8r3BY4AmXKMp+jKomwgS1JfXo

frdev1002.frack.eqiad.wmnet
RSA     SHA256:/5JAZKa8n1RltOfA21lernQgqt/HQEwcsXaCqV/JyVI
ECDSA   SHA256:b0YjQmzEcNJhqi6q1DRrVCGidEOVQb55pZQUsgUMcU0
ED25519 SHA256:hs7WjyJBtMIEs4kWLvHtV2kMW6QYPmz7lvdP1pcBFhw

frlog1002.frack.eqiad.wmnet
RSA     SHA256:Cd8OLErPRTKPz6hhL+f6XOlojr9eSn2BYawlYLzKx64
ECDSA   SHA256:/sYZb1EBlLH089qWXLQMLQPIRA1A2cH+dHY9IjMBQ5Y
ED25519 SHA256:L428bVjr7jpBHhZDIV/91XO/ZEpSKKZktrGl03lDU3o

frpm1002.frack.eqiad.wmnet
RSA     SHA256:2R7T4WBdQgDAeojCtfXma90tSumwp4r8FRSBMolAId4
ECDSA   SHA256:cPewmUxvyqR7gbMya/lAN7O/59uCJHNgKSbjcR9G4gQ
ED25519 SHA256:mG0/FZ3xzVdrvk9LnV8LrmjFQyD4Du4WmFVz6fjAiMk
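As an added example (not part of the Wikitech page), the script below computes SHA256 host key fingerprints the same way `ssh-keygen -lf` does (base64 of the SHA-256 digest of the decoded key blob, with "=" padding removed) and compares `ssh-keyscan`-style lines against the fingerprints pinned above, so a key offered on first connection can be checked offline before answering "yes" to ssh. It assumes only the Python standard library. The pinned table copies the frbast entries from this page; the sample keyscan line uses a constructed Ed25519 key (32 bytes of 0x42), not the host's real key, so it is expected to report a mismatch.

```python
# Added example (not from the Wikitech page): verify SSH host keys against the
# fingerprints pinned in this document. Standard library only.
import base64
import hashlib

# Fingerprints copied from the page for the bastion host, keyed by key family.
PINNED = {
    "frbast.wikimedia.org": {
        "RSA": "SHA256:ZocD0H0heNPFn/1HS1mh5KW6P2sNiUliFf7bxqBBkt8",
        "DSA": "SHA256:XCE7R8u8BqmBCDaZ9cxb1+EXKXydD5nrxfsyrgM6huE",
        "ECDSA": "SHA256:KFDL0dZ/YAKzQRw4oqVBPGELoLaNHBc3yyotcJ6rywM",
        "ED25519": "SHA256:+sEUb5c4ndyqMDDd2Prd4DDVbj/JIR6AxPH/gzfV5ZM",
    },
}


def key_family(key_type: str) -> str:
    """Map an SSH key type string (as printed by ssh-keyscan) to the table's family name."""
    if key_type == "ssh-rsa":
        return "RSA"
    if key_type == "ssh-dss":
        return "DSA"
    if key_type.startswith("ecdsa-sha2-"):
        return "ECDSA"
    if key_type == "ssh-ed25519":
        return "ED25519"
    raise ValueError(f"unknown key type {key_type!r}")


def sha256_fingerprint(key_blob_b64: str) -> str:
    """SHA256 fingerprint of a base64 public key blob, in OpenSSH's display form."""
    digest = hashlib.sha256(base64.b64decode(key_blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def check_keyscan_output(lines, pinned):
    """Check each `host keytype blob` line against `pinned`.

    Returns a list of (host, family, status) where status is "ok", "MISMATCH"
    (the offered key does not match the pinned fingerprint: do not connect,
    ask fr-tech-ops) or "unpinned" (no reference fingerprint for this host/type).
    """
    results = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # ssh-keyscan banner/comment lines
        host, key_type, blob = line.split()[:3]
        family = key_family(key_type)
        actual = sha256_fingerprint(blob)
        expected = pinned.get(host, {}).get(family)
        if expected is None:
            status = "unpinned"
        elif actual == expected:
            status = "ok"
        else:
            status = "MISMATCH"
        results.append((host, family, status))
    return results


def ed25519_blob(raw_public_key: bytes) -> str:
    """Encode a 32-byte Ed25519 public key as the base64 blob found in known_hosts."""
    assert len(raw_public_key) == 32
    wire = (len(b"ssh-ed25519").to_bytes(4, "big") + b"ssh-ed25519"
            + len(raw_public_key).to_bytes(4, "big") + raw_public_key)
    return base64.b64encode(wire).decode()


# Constructed sample: ssh-keyscan-style output with a made-up Ed25519 key
# (32 bytes of 0x42), not the host's real key, so the bastion line must MISMATCH.
SAMPLE_KEYSCAN = [
    "# frbast.wikimedia.org:22 SSH-2.0-OpenSSH",
    "frbast.wikimedia.org ssh-ed25519 " + ed25519_blob(b"\x42" * 32),
    "unknownhost.example ssh-ed25519 " + ed25519_blob(b"\x42" * 32),
]

if __name__ == "__main__":
    for host, family, status in check_keyscan_output(SAMPLE_KEYSCAN, PINNED):
        print(f"{host:30} {family:8} {status}")
```

In practice, feed it the lines from `ssh-keyscan frbast.wikimedia.org` (or the key from `~/.ssh/known_hosts`) and extend PINNED with the frack hosts listed above; any "MISMATCH" line is the case the fingerprint table exists for.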