In some cases external hosts may need to allow authentication to Fedora Account System accounts, letting them use their regular ssh public key and Fedora Account System login.
Some examples might include:
- Secondary arch test/build machines to allow contributors access to machines to test and build their packages.
- Hosts that are seeing specific bugs that contributors may not be able to reproduce locally.
- Hosts that have additional resources that contributors do not have access to locally.
Procedure for allowing Tier2Hosting:
1. The hosts MUST set "ForwardAgent" to "no" in the system wide /etc/ssh/ssh_config file.
2. The hosts MUST add a /etc/ssh/sshrc file containing:
- !/bin/bash
rm -f $SSH_AUTH_SOCK >& /dev/null
3. The Submitter must file a ticket in the fedora-infrastructure ticket system: https://fedorahosted.org/fedora-infrastructure/ requesting an account and access to the Fedora Account System systems account. Make sure to indicate why you need to provide access, for how long and who is responsible for the access and machine.
4. Fedora Infrastructure will audit the machine and review the reason for access, and grant or deny the request.
5. A FAS account and password will be provided for use in fasClient to generate the accounts.