  1. Add your public key to $TIS-DEVOPS/ansible/roles/ssh/files/public_keys/:email. Keys should be in OpenSSH format.
  2. Run the following command to give access to the build server:
$ ansible-playbook -i inventory/build tasks/ssh.yml

  3. It may be useful to add the following to your ~/.ssh/config file (you can create a new text file in that location if you don't already have one).

Host hee-build-aws
    Hostname aws.jump.tis.nhs.uk
    Port 22
    User bastion
    # RabbitMQ STAGE
    LocalForward 25672 10.160.0.147:15672
    # Neo4J BOLT (7687), then HTTP (7474)
    LocalForward 27687 10.160.0.150:7687
    LocalForward 27474 10.160.0.150:7474
    ForwardAgent yes
    PubKeyAuthentication yes
    IdentityFile ~/.ssh/id_rsa

Host 10.140.0.*
    User heetis
    ProxyCommand ssh hee-build-aws nc %h %p
    ForwardAgent yes
    StrictHostKeyChecking no

Host 10.150.0.*
    User heetis
    ProxyCommand ssh hee-build-aws nc %h %p
    ForwardAgent yes
    StrictHostKeyChecking no

Host 10.160.0.*
    User heetis
    ProxyCommand ssh hee-build-aws nc %h %p
    ForwardAgent yes
    StrictHostKeyChecking no

Host 10.170.0.*
    User heetis
    ProxyCommand ssh hee-build-aws nc %h %p
    ForwardAgent yes
    StrictHostKeyChecking no

Host 10.99.0.*
    User bastion
    ProxyCommand ssh hee-build-aws nc %h %p
    ForwardAgent yes
    StrictHostKeyChecking no


# UI Dev server

Host 10.150.0.136
    User heetis
    ProxyCommand ssh hee-build-aws nc %h %p
    ForwardAgent yes
    StrictHostKeyChecking no
    #revalidation
    LocalForward 28080 localhost:8080
    #concerns
    LocalForward 28084 localhost:8084
    #reference
    LocalForward 28088 localhost:8088
    #profile
    LocalForward 28082 localhost:8082
    #notifications
    LocalForward 28092 localhost:8092
    #tcs
    LocalForward 28093 localhost:8093
    #connection-discrepancies
    LocalForward 28095 localhost:8095
    #db
    LocalForward 3306 localhost:3306
    #generic-upload
    LocalForward 8099 localhost:8099


# N3 Bridge
Host 10.1.3.*
    User heetis
    ProxyCommand ssh -W %h:%p hee-build-aws
    ForwardAgent yes
    StrictHostKeyChecking no

Host github.com
    Hostname ssh.github.com
    Port 443



We swapped platforms recently, so some of the host keys for the servers no longer match the original values. If you see a message similar to this when you try to connect, you will need to remove entries from your known hosts:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:O6QtBrIMNz0c/OKPGmRLhEsQwOm4eeFgcPkd/yClwcs.
Please contact your system administrator.
Add correct host key in ~/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in ~/.ssh/known_hosts:1061

You have two options:

  • Delete your ~/.ssh/known_hosts file to remove all stored public keys.
  • Find the entries in ~/.ssh/known_hosts that are conflicting. In the case of the example above, the key on line 1061 was causing the problem, so removing that line fixed the issue.
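
The second option can be scripted so that only the stale entry is dropped and every other stored host key stays in place. The following is an added example, not part of the original page: the function names are hypothetical, and it assumes the key change is expected (the platform swap described above) and that you saved the warning text to feed in on stdin.

```shell
#!/bin/sh
# Added example (not from the original page): delete only the known_hosts
# entry that an ssh host-key warning points at, keeping a backup copy.

# Read ssh's warning text on stdin; print "<file>:<line>" of the stale entry.
offending_entry() {
    sed -n 's/^Offending [A-Za-z0-9-]* key in \(.*\):\([0-9][0-9]*\)$/\1:\2/p' |
        head -n 1
}

# remove_known_hosts_line FILE LINE
# Copies FILE to FILE.bak, then rewrites FILE without line LINE.
remove_known_hosts_line() {
    kh_file=$1
    kh_line=$2
    # The warning may show the path with a leading "~/"; expand it to $HOME.
    case $kh_file in
        "~/"*) kh_file="$HOME/${kh_file#??}" ;;
    esac
    case $kh_line in
        '' | *[!0-9]*) echo "bad line number: $kh_line" >&2; return 1 ;;
    esac
    [ -f "$kh_file" ] || { echo "no such file: $kh_file" >&2; return 1; }
    # Count lines with awk so a missing trailing newline is still counted.
    kh_total=$(awk 'END { print NR }' "$kh_file")
    if [ "$kh_line" -lt 1 ] || [ "$kh_line" -gt "$kh_total" ]; then
        echo "line $kh_line out of range ($kh_total lines)" >&2
        return 1
    fi
    cp -p "$kh_file" "$kh_file.bak" || return 1
    sed "${kh_line}d" "$kh_file.bak" > "$kh_file"
}

# fix_from_warning: pass the saved warning text on stdin.
fix_from_warning() {
    kh_entry=$(offending_entry)
    [ -n "$kh_entry" ] || { echo "no 'Offending ... key' line found" >&2; return 1; }
    # Split "<file>:<line>" at the last colon.
    remove_known_hosts_line "${kh_entry%:*}" "${kh_entry##*:}"
}
```

OpenSSH's own `ssh-keygen -R <hostname>` removes a host's entries by name and is the usual alternative when you know which host changed.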


Graphical Overview (basic)
