cloudfoundry-community-attic / aws-nat-bastion-bosh-cf

Set up a best practices Cloud Foundry with just a few commands.
So is it $HOME/.ssh, or ./sshkeys? #17

Closed jahio closed 8 years ago

jahio commented 8 years ago

Stumbled upon this in the code while looking for something else.

# config/aws/bosh.yml+132
  ssh_tunnel:
    host: ${network}.1.6
    port: 22
    user: vcap
    private_key: ~/.ssh/bosh.pem

If we have ./sshkeys, and tell users to put their private key there, why are we referencing the user's $HOME/.ssh for the bosh.pem key?

Either: a) This is a bug or an oversight that...somehow...we haven't stepped on this landmine, or; b) It's intentional for some good reason and it needs to be documented that you put the key in TWO places, not just one.

sethlindberg commented 8 years ago

I think this can be closed. ./sshkeys is the only place where bosh.pem needs to be placed. Looking at https://github.com/cloudfoundry-community/aws-nat-bastion-bosh-cf/blob/master/scripts/provision-bastion#L32 shows that ./sshkeys/* gets put onto the bastion host to allow ssh into bosh from there.

7hunderbird commented 8 years ago

I agree, @sethlindberg. We have notes in the README, and this clue in the Terraform config example file is also helpful. Closing issue.