Versions Compared

Old Version 1

changes.mady.by.user John Simmons (Deactivated)

Saved on

compared with

New Version Current

changes.mady.by.user John Simmons (Deactivated)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
  1. Add your public key to $TIS-DEVOPS/ansible/roles/ssh/files/public_keys/:email. , keys should be in OpenSSH format.
  2. The following command needs to run to give access to the build server


$ ansible-playbook -i inventory/build tasks/ssh.yml

3. It may be useful to add the following to your ~/.ssh/config file (you can create a new text file in that location if you don't already have one). 

Host hee-build-
azure
aws
    Hostname aws.jump.tis.nhs.uk
port 9264
User bastion
ForwardAgent yes
PubKeyAuthentication yes
IdentityFile 
    port 22
    User bastion
    #RabbitMQ STAGE
    LocalForward 25672 10.160.0.147:15672
    #Neo4J HTTP, then BOLT
    LocalForward 27687 10.160.0.150:7687
    LocalForward 27474 10.160.0.150:7474
    ForwardAgent yes
    PubKeyAuthentication yes
    IdentityFile ~/.ssh/id_rsa

#Build Env

Host 10.140.0.*
    User heetis
    ProxyCommand ssh hee-build-

azure

aws nc %h %p
    ForwardAgent yes
    StrictHostKeyChecking no

#Stage Env
Host 10.

150

160.0.*
    User heetis
    ProxyCommand ssh hee-build-

azure

aws nc %h %p
    ForwardAgent yes
    StrictHostKeyChecking no

#Prod Env
Host 10.

160

170.0.*
    User heetis
    ProxyCommand ssh hee-build-

azure

aws nc %h %p
    ForwardAgent yes
    StrictHostKeyChecking no

#NIMDTA Env

Host 10.

170

254.

0

*.*
    User heetis
    ProxyCommand ssh hee-build-

azure

aws nc %h %p
    ForwardAgent yes
    StrictHostKeyChecking no

#Bastion Env

Host 10.99.0.*
    User bastion
    ProxyCommand ssh hee-build-

azure

aws nc %h %p
    ForwardAgent yes
    StrictHostKeyChecking no

# UI Dev serverHost

Host

10.150.0.136
User heetis
ProxyCommand ssh hee-build-azure nc %h %p
ForwardAgent yes
StrictHostKeyChecking no
#revalidation
LocalForward 28080 localhost:8080
#concerns
LocalForward 28084 localhost:8084
#reference
LocalForward 28088 localhost:8088
#profile
LocalForward 28082 localhost:8082
#notifications
LocalForward 28092 localhost:8092
#tcs
LocalForward 28093 localhost:8093
#connection-discrepancies
LocalForward 28095 localhost:8095
#db
LocalForward 3306 localhost:3306
# N3 Bridge
Host 10.1.3.*
User heetis
ProxyCommand ssh -W %h:%p hee-build-azure
ForwardAgent yes
StrictHostKeyChecking no

github.com
    Hostname ssh.github.com
    Port 443




We swapped platforms recently so some of the keys for the servers no longer match the original values. If you see a message similar to this when you try and connect then you will need to remove entries from your known hosts;


@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:O6QtBrIMNz0c/OKPGmRLhEsQwOm4eeFgcPkd/yClwcs.
Please contact your system administrator.
Add correct host key in ~/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in ~/.ssh/known_hosts:1061


You have two options;

  • Delete your ~/.ssh/known_hosts file to remove all stored public keys.
  • Find the entries in ~/.ssh/known_hosts that are conflicting. In the case of the example above, the key on line 1061 was causing the problme so removing that line fixed the issue.


Graphical Overview (basic)