Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MAINT: don't mess with plc ssh key configs, avoid Administrator account #64

Merged
merged 2 commits into from
Mar 26, 2024
Merged

MAINT: don't mess with plc ssh key configs, avoid Administrator account #64

merged 2 commits into from
Mar 26, 2024

Conversation

ZLLentz
Copy link
Member

@ZLLentz ZLLentz commented Mar 9, 2024
edited
Loading

SSH Keys

While working on pcdshub/twincat-bsd-ansible#14 I realized that having the publickey option in the ssh config here means that:

  • When logging into a plc, you can be first prompted to unlock your public key
  • Your public key doesn't work anyway- we're not going around adding personal keys to every plc

Procedurally, doing it like this (after the edit) requires you to have access to the admin password, which seems in line with the procedure we want people to use for other protected systems like the switches etc.

Alternatively, we could do plc auth by having everyone send their public key to every plc, but that feels wrong.

Non-admin user

The other change here is to make it so you log in as a non-admin user by default. This means you need to opt-in as the Administrator user by doing e.g. ssh Administrator@plc-tst-bsd2, and if you simply ssh plc-tst-bsd2 you will log in as ecs-user instead.

@ZLLentz ZLLentz changed the title MAINT: don't mess with plc ssh key configs MAINT: don't mess with plc ssh key configs, avoid Administrator account Mar 19, 2024
@ZLLentz
Copy link
Member Author

ZLLentz commented Mar 22, 2024

I plan to ask for reviewers on this first thing Monday morning.

@ZLLentz ZLLentz requested review from ghalym and nrwslac March 25, 2024 16:55
nrwslac
nrwslac approved these changes Mar 25, 2024
View reviewed changes
Copy link

@nrwslac nrwslac left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm.

@ZLLentz ZLLentz merged commit 9ab37c1 into pcdshub:master Mar 26, 2024
2 checks passed
@ZLLentz ZLLentz deleted the maint_bsd_pw branch March 26, 2024 17:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nrwslac nrwslac nrwslac approved these changes

@ghalym ghalym Awaiting requested review from ghalym

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ZLLentz @nrwslac