Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

  1. Add your public key to $TIS-DEVOPS/ansible/roles/ssh/files/public_keys/:email. , keys should be in OpenSSH format.
  2. The following command needs to run to give access to the build server
$ ansible-playbook -i inventory/build tasks/ssh.yml

3. It may be useful to add the following to your ~/.ssh/config file (you can create a new text file in that location if you don't already have one). 

Host hee-build-azure
  Hostname jump.tis.nhs.uk
  port 9264
  User bastion
  ForwardAgent yes
  PubKeyAuthentication yes
  IdentityFile ~/.ssh/id_rsa

Host 10.140.0.*
  User heetis
  ProxyCommand ssh hee-build-azure nc %h %p
  ForwardAgent yes
  StrictHostKeyChecking no

Host 10.150.0.*
  User heetis
  ProxyCommand ssh hee-build-azure nc %h %p
  ForwardAgent yes
  StrictHostKeyChecking no

Host 10.160.0.*
  User heetis
  ProxyCommand ssh hee-build-azure nc %h %p
  ForwardAgent yes
  StrictHostKeyChecking no

Host 10.170.0.*
  User heetis
  ProxyCommand ssh hee-build-azure nc %h %p
  ForwardAgent yes
  StrictHostKeyChecking no

Host 10.99.0.*
  User bastion
  ProxyCommand ssh hee-build-azure nc %h %p
  ForwardAgent yes
  StrictHostKeyChecking no


# UI Dev server

Host 10.150.0.136
  User heetis
  ProxyCommand ssh hee-build-azure nc %h %p
  ForwardAgent yes
  StrictHostKeyChecking no
  #revalidation
  LocalForward 28080 localhost:8080
  #concerns
  LocalForward 28084 localhost:8084
  #reference
  LocalForward 28088 localhost:8088
  #profile
  LocalForward 28082 localhost:8082
  #notifications
  LocalForward 28092 localhost:8092
  #tcs
  LocalForward 28093 localhost:8093
  #connection-discrepancies
  LocalForward 28095 localhost:8095
  #db
  LocalForward 3306 localhost:3306
  #generic-upload
  LocalForward 8099 localhost:8099


# N3 Bridge
Host 10.1.3.*
  User heetis
  ProxyCommand ssh -W %h:%p hee-build-azure
  ForwardAgent yes
  StrictHostKeyChecking no

Host github.com
  Hostname ssh.github.com
  Port 443





We swapped platforms recently so some of the keys for the servers no longer match the original values. If you see a message similar to this when you try and connect then you will need to remove entries from your known hosts;

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:O6QtBrIMNz0c/OKPGmRLhEsQwOm4eeFgcPkd/yClwcs.
Please contact your system administrator.
Add correct host key in ~/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in ~/.ssh/known_hosts:1061

You have two options;

  • Delete your ~/.ssh/known_hosts file to remove all stored public keys.
  • Find the entries in ~/.ssh/known_hosts that are conflicting. In the case of the example above, the key on line 1061 was causing the problme so removing that line fixed the issue.


Graphical Overview (basic)

  • No labels