Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

  1. Add your public key to $TIS-DEVOPS/ansible/roles/ssh/files/public_keys/:email. , keys should be in OpenSSH format.
  2. The following command needs to run to give access to the build server
$ ansible-playbook -i inventory/build tasks/ssh.yml

3. It may be useful to add the following to your ~/.ssh/config file (you can create a new text file in that location if you don't already have one). 

Host hee-build-azure
Hostname jump.tis.nhs.uk
port 9264
User bastion
ForwardAgent yes
PubKeyAuthentication yes
IdentityFile ~/.ssh/id_rsa

Host 10.140.0.*
User heetis
ProxyCommand ssh hee-build-azure nc %h %p
ForwardAgent yes
StrictHostKeyChecking no

Host 10.150.0.*
User heetis
ProxyCommand ssh hee-build-azure nc %h %p
ForwardAgent yes
StrictHostKeyChecking no

Host 10.160.0.*
User heetis
ProxyCommand ssh hee-build-azure nc %h %p
ForwardAgent yes
StrictHostKeyChecking no

Host 10.170.0.*
User heetis
ProxyCommand ssh hee-build-azure nc %h %p
ForwardAgent yes
StrictHostKeyChecking no

Host 10.99.0.*
User bastion
ProxyCommand ssh hee-build-azure nc %h %p
ForwardAgent yes
StrictHostKeyChecking no


# UI Dev server

Host 10.150.0.136
User heetis
ProxyCommand ssh hee-build-azure nc %h %p
ForwardAgent yes
StrictHostKeyChecking no
#revalidation
LocalForward 28080 localhost:8080
#concerns
LocalForward 28084 localhost:8084
#reference
LocalForward 28088 localhost:8088
#profile
LocalForward 28082 localhost:8082
#notifications
LocalForward 28092 localhost:8092
#tcs
LocalForward 28093 localhost:8093
#connection-discrepancies
LocalForward 28095 localhost:8095
#db
LocalForward 3306 localhost:3306
#generic-upload
LocalForward 8099 localhost:8099


# N3 Bridge
Host 10.1.3.*
User heetis
ProxyCommand ssh -W %h:%p hee-build-azure
ForwardAgent yes
StrictHostKeyChecking no

Host github.com
Hostname ssh.github.com
Port 443



We swapped platforms recently so some of the keys for the servers no longer match the original values. If you see a message similar to this when you try and connect then you will need to remove entries from your known hosts;

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:O6QtBrIMNz0c/OKPGmRLhEsQwOm4eeFgcPkd/yClwcs.
Please contact your system administrator.
Add correct host key in ~/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in ~/.ssh/known_hosts:1061

You have two options;

  • Delete your ~/.ssh/known_hosts file to remove all stored public keys.
  • Find the entries in ~/.ssh/known_hosts that are conflicting. In the case of the example above, the key on line 1061 was causing the problme so removing that line fixed the issue.


Graphical Overview (basic)

  • No labels