4.3.5.1 SSH access

2FA SSH Access

Now that your servers are provisioned you can SSH in using either the IP address or the domain, plus your username as it is configured in inventory files. The first time you do so you will be required to set up 2FA for your server administrators.

You must have the Google Authenticator app on your mobile phone. You can download this from the Google Play Store or Apple App Store.

Scan the QR code to add the server as an option in Google Authenticator, then enter the 6-digit 2FA code that is generated to access the server.

For all the initial set-up questions that are asked, accept defaults by typing "y"

You will also notice that root SSH access is now disabled as a security posture.

Removing SSH Access for a user

If a server administrator needs to be removed from having SSH access to a server, these are the steps you need to take:

In the inventory file for the server, find the user block for the user you wish to remove and set the value state to absent:

state: absent

Commit the updated inventory file to Git
Run the Provision action for the environment with just the "users" task selected. It is quicker and less intensive than selecting "all"

Now the user will no longer have SSH access to the server
You can delete their block entirely from inventory files and commit the file to Git if you wish.

Previous4.3.5 Provisioning servers Next4.3.5.2 Building, pushing & releasing your countryconfig code

Last updated 7 days ago