ab571639c78e5be016b7494a3d8f3dffec2038ab
iac/awx.md
| ... | ... | @@ -13,8 +13,10 @@ cd awx-operator && \ |
| 13 | 13 | ``` |
| 14 | 14 | make deploy |
| 15 | 15 | ``` |
| 16 | +* wait for 2 running |
|
| 16 | 17 | * this skips the need to have your own `kustomization.yaml` but it seems we need it later any way |
| 17 | 18 | ``` |
| 19 | +--- |
|
| 18 | 20 | apiVersion: kustomize.config.k8s.io/v1beta1 |
| 19 | 21 | kind: Kustomization |
| 20 | 22 | resources: |
networking/ssh.md
| ... | ... | @@ -48,6 +48,15 @@ a mitm attack) run the following to remove from 'known_hosts' |
| 48 | 48 | ssh-keygen -f $HOME/.ssh/known_hosts -R <hostname> |
| 49 | 49 | ``` |
| 50 | 50 | |
| 51 | +## sshd_config |
|
| 52 | +* allow one user and all users in group |
|
| 53 | +* if only use `AllowGroup` it overrides the `AllowUsers` |
|
| 54 | +``` |
|
| 55 | +AllowUsers <username> |
|
| 56 | +Match group users |
|
| 57 | + AllowUsers * |
|
| 58 | +``` |
|
| 59 | + |
|
| 51 | 60 | ## ref |
| 52 | 61 | [ssh][] guide |
| 53 | 62 | |
| ... | ... | @@ -55,9 +64,6 @@ ssh-keygen -f $HOME/.ssh/known_hosts -R <hostname> |
| 55 | 64 | [socks proxy]: https://ma.ttias.be/socks-proxy-linux-ssh-bypass-content-filters/ |
| 56 | 65 | [ssh]: http://lackof.org/taggart/hacking/ssh/ |
| 57 | 66 | |
| 58 | - |
|
| 59 | - |
|
| 60 | - |
|
| 61 | 67 | * must have dns resolv on greyskull (and nublar for lxc) |
| 62 | 68 | * must have short name in ssh/config on nublar for lxc |
| 63 | 69 | * must have cert-auth known host on nublar for lxc |