Difference between revisions of "SSH Key Enable/Disable"

From Roaring Penguin
Jump to: navigation, search
m (Support Key)
 
Line 29: Line 29:
  
 
It can save a lot of time if the keys are enabled prior to a support request, so you may want to  
 
It can save a lot of time if the keys are enabled prior to a support request, so you may want to  
leave them enabled at all times. If this access is limited to only our IPs then this is  
+
leave them enabled at all times. If access is limited to only our IPs, then this is  
generally safe, but you can feel free to abide by whatever policies are required for your
+
generally safe.
organization.
 
  
 
<div style="float:right; clear:both; margin-right:0.5em">[[Support Wiki | [Home]]]</div>
 
<div style="float:right; clear:both; margin-right:0.5em">[[Support Wiki | [Home]]]</div>
 
[[category:All]][[category:Security]][[category:Management]]
 
[[category:All]][[category:Security]][[category:Management]]

Latest revision as of 12:03, 19 September 2018

Firewall

To allow Roaring Penguin support staff to ssh to your remote CanIt system, you need to open up access on your firewall such that we can get to your machine on port 22. If you do this through the forwarding of an alternative port, please let Roaring Penguin staff know this port number each and every time you make a new support request.

You can limit this access to our IPs. Currently we use these three IP addresses:

  • 72.137.191.171
  • 108.63.66.105
  • 206.248.171.190

The third is expected to be discontinued, but we will keep this wiki up to date.

Once connected to one machine, we should be able to hop from there to any other CanIt machine in a clustered scenario, so you should not have to set up SSH to each individual node.

Support Key

CanIt appliances will automatically install and enable our support SSH key. If you have disabled that key previously, or simply want to ensure that it is enabled before submitting a request, you can do so by running the following from the command line on the CanIt machine:

   /usr/share/canit/scripts/canit-service-key --enable

When we have finished you can disable access with:

   /usr/share/canit/scripts/canit-service-key --disable

It can save a lot of time if the keys are enabled prior to a support request, so you may want to leave them enabled at all times. If access is limited to only our IPs, then this is generally safe.