smoser

Set up a ssh tunnel only user

In order to give someone access to hosts that are available only by ssh "bouncing" (ProxyJump), add a user for this specific purpose.

We have an internal openstack where instances get IPs on per-tenant networks. Each tenant has a 'bastion' host that has a "public" ip (floating ip). You can access other instances by bouncing through the bastion. From time to time I want to let someone else into an instance. This could be done either with:

a.) just give them shell access to the bastion and let them hop through. Sharing an unrestricted shell account on my bastion is less than ideal. b.) assign a floating/"public" IP to the instance so they could go directly in. Floating IPs are limited, so this is less than ideal.

So instead, I have set up a single user as described here that can only be used for ProxyJump. It allows others proxied access to my instances but without granting them full shell access.

mikeygee

<!-- using the truncate filter -->
{% for post in site.posts limit:10 %}
   <h2><a href="{{ post.url }}">{{ post.title }}</a></h2>
   <span class="post-date">{{ post.date | date: "%B %d, %Y" }}</span>
   {% if post.content.size > 2000 %}
      {{ post.content | truncatewords: 300 }} <!-- bad! content gives you rendered html and you will truncate in the middle of a node -->
      <a href="{{ post.url }}">read more</a>
   {% else %}
      {{ post.content }}
   {% endif %}