OtherServers
Once you have been granted wheel access on pon.planetofnix.com, you will be able to set up your accounts on other planetofnix servers. Each server has a user account named teamsetup for this process. You will need to generate an ssh key and send it to the other servers using this account. A cronjob on each server will check for new public keys and generate your account.
This process is intended to teach you how to use doas to access other accounts and to set up and use ssh keys for accessing accounts on other machines. You will use these tools frequently while managing servers and supporting users. If you have trouble with any of these steps, please ask for help in #planetofnix-team or send an email to support@planetofnix.com.
Generate SSH keys
The first step in the process is to generate an ssh public/private key pair from your account on pon.planetofnix.com. Log into your account and follow these instructions to generate your key. The script that sets up your account confirms you have wheel access and have set a password on your private key. So don't send it a key from your VPS or local machine, as it won't work for generating your account. You can add those keys later once you have your account set up.
It is a good practice in general to add a passphrase to your ssh private keys. Keys used to access planetofnix servers where you have wheel access MUST have passwords. This policy extends to other keys you use to access planetofnix systems. This reduces the risk to our systems if your local security is compromised.
Given that the password isn't stored in any database, and isn't transmitted to other systems for verification (it decrypts your local private key), it's generally considered safe to use the same password on multiple private keys. At least, it's permissible under our policy. I (izzyb) use the same password variation scheme for my private keys on multiple systems and password vaults.
Copy Your key to the TeamSetup user Directory
The process for getting accounts on the other servers is to copy your public key into the teamsetup account on each of the servers you want or need access to. We do this from the pon.planetofnix.com server because the local teamsetup account has ssh keys set up to allow this transfer without a password.
The teamsetup accounts do not have wheel access, so this is technically not a policy violation. It isn't ideal, however: even user-level accounts can be used to cause harm. We may find a better solution for this at some point.
If you followed these instructions to generate a key, you'll need to copy your public key into the teamsetup user's home directory like this:
    cd ~
    # REPLACE username with your user name. It is used as the account name being created
    doas cp .ssh/id_ed25519.pub /home/teamsetup/username.pub
Next you'll want to become the teamsetup user. You'll want to remember this technique as it will come in handy for supporting users on the network.
    doas su - teamsetup
    ls
Now you'll want to copy your public key over to the other machines.
    # REMEMBER to replace username with your username
    scp username.pub teamsetup@host.planetofnix.com:
    scp username.pub teamsetup@user.planetofnix.com:
    scp username.pub teamsetup@pon2.planetofnix.com:
    scp username.pub teamsetup@host2.planetofnix.com:
NOTE: There is a : at the end of those lines. That tells scp to put the file in the home directory of the teamsetup user at each of those domain names.
Now you wait for the script on each of those machines to see your public key and set up your accounts. You should receive an email in response. You can exit from the teamsetup user account back to your own and wait for the emails. Once you have them, you'll be able to ssh over to those machines from your pon.planetofnix.com shell account.