configpolicy

dustin

History

Dustin 6bad6dcb7a ci: Use SSH key for sudo auth Now that servers are configured to use pam_ssh_agent_auth for `sudo` authentication, the Jenkins CI pipelines no longer need to manage the raw password for the jenkins user. A special SSH public key for Jenkins is listed in `/etc/security/sudo.authorized_keys`, so as long as a) the corresponding private key is in the SSH agent and b) SSH agent forwarding is enabled, Ansible will be able to perform privileged operations without a password.	2024-01-28 12:16:35 -06:00
..
applyConfigPolicy.groovy	ci: Use SSH key for sudo auth	2024-01-28 12:16:35 -06:00

Dustin 6bad6dcb7a ci: Use SSH key for sudo auth

Now that servers are configured to use *pam_ssh_agent_auth* for `sudo`
authentication, the Jenkins CI pipelines no longer need to manage the
raw password for the *jenkins* user.  A special SSH public key for
Jenkins is listed in `/etc/security/sudo.authorized_keys`, so as long
as a) the corresponding private key is in the SSH agent and b) SSH
agent forwarding is enabled, Ansible will be able to perform privileged
operations without a password.

2024-01-28 12:16:35 -06:00

applyConfigPolicy.groovy

ci: Use SSH key for sudo auth

2024-01-28 12:16:35 -06:00