|
@@ -59,6 +59,22 @@ Name: gc-dev-proxy
|
|
|
|
|
|
> :NOTE: VPN required - Ensure you are connected to the correct VPN (in this case, XDRTest) when attempting to SSH into a server. SSH into proxy server from output using the `Id:` field in the cmd `ssh e1c10ac7-f152-45f4-9c42-ba6f30ffd2db` or by hostname `ssh gc-dev-proxy`
|
|
|
|
|
|
+
|
|
|
+### SSH without sft Using the msoc_build Key
|
|
|
+The ssh key used when packer builds the instance is called msoc_build. Because the servers are setup for FIPS mode, the msoc_build SSH key needs to be in "FIPS mode" before you use it.
|
|
|
+
|
|
|
+To bypass sft and use the msoc_build key use this command.
|
|
|
+
|
|
|
+`ssh -i msoc_build_fips centos@10.80.101.126`
|
|
|
+
|
|
|
+To use the key to ssh into hosts without the VPN use these commands. ( Agent Authentication forwarding )
|
|
|
+
|
|
|
+First, add msoc_build key to your ssh agent `ssh-add msoc_build_fips`
|
|
|
+Then, SSH into bastion with `ssh -A centos@34.237.123.128`
|
|
|
+Finally, SSH into target server with `ssh centos@10.96.101.249`
|
|
|
+The key authentication will get passed through the proxy server and sent to the target host.
|
|
|
+
|
|
|
+
|
|
|
### Troubleshooting SFT Client
|
|
|
|
|
|
Review the cache file: /var/lib/sftd/osync
|
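Review bot: The agent-forwarding steps in the added section (`ssh-add msoc_build_fips`, then `ssh -A centos@34.237.123.128`) load the shared packer build key into an agent and forward it to the bastion, where anyone with root on that host can use the forwarded agent socket for as long as the session is open. Consider documenting `ssh -J centos@34.237.123.128 centos@10.96.101.249` instead, which reaches the target through the bastion without exposing the agent on it. Two documentation gaps in the same block: the text says the key must be in "FIPS mode" but never says how `msoc_build_fips` is produced from `msoc_build`, and the First/Then/Finally steps sit on consecutive lines with no list markers, so Markdown will run them together into one paragraph. The hard-coded IP addresses will also go stale; hostnames or labelled placeholders would hold up better.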