The Jumpbox Genesis kit has a number of useful addons:
$ genesis do my-env list Running list addon for my-env The following addons are defined: inventory Take an inventory of software installed on the jumpbox and the versions present. ssh SSH (interactively) into the jumpbox. who See who is logged into the jumpbox, via SSH. (requires the ability to login via SSH) If the 'openvpn' feature has been enabled, the following addons are also available: generate-vpn-config <user> Generate a client certificate (if missing) and an openvpn config file for a given user certs List the VPN certificates for the users defined on the given jumpbox environment. issue-cert <user> Issue a new VPN certificate to a named user, so that they can access the VPN. revoke-cert <user> Revokes an issued VPN user certificate, preventing them from accessing the VPN. renew-cert <user> Renew the lifetime of a previously-issued VPN certificate, without replacing the user's key. renew-all-certs Renews the lifetime of all previously-issued VPN certificates on the server, without replacing the keys reissue-cert <user> Re-issue a VPN user certificate, regnerating the users key in the first place. The old certificate will be revoked.
To ssh to the jumpbox, run:
$ genesis do my-env ssh
$ ssh [email protected] -i path/to/your/private.key
To make it easier to SSH to your jumpbox, setup an entry in your
Host jumpbox User you Hostname jumpbox-ip IdentityFile path/to/your/private.key
Then, you can
ssh jumpbox to connect.
Several engineers will use a given Jumpbox, each of whom should have their own account, with their own SSH key. This helps with both auditing and accountability, and also lets each person customize his or her environment (editor settings, prompt, shell, etc.)
The list of users provisioned on the jumpbox is in the
param of the Genesis Jumpbox kit. This is a YAML list. To add
new people, append new items to the list:
params: users: - name: new-user shell: /bin/bash ssh_keys: - ssh-rsa AAA.... [email protected]
Then, execute a
genesis deploy, or let your Genesis CI/CD
pipelines do the work.