This document outlines how to utilize RPMs to grant access to the Steadfast Staff access to your server.
Adding the Steadfast YUM repository
You can install an RPM to your system to automatically add the repository data to the yum configuration.
Install the steadfast-release RPM. The repository package file is identical for all versions of CentOS.
# rpm -ivh http://mirror.steadfast.net/centos-steadfast/steadfast-release.rpm Retrieving http://mirror.steadfast.net/centos-steadfast/steadfast-release.rpm Preparing... ########################################### [100%] 1:steadfast-release ########################################### [100%]
Installing the steadfast-keys RPM
After installing the steadfast-release RPM as above, you can use yum to install the steadfast-keys RPM.
Note: If you already have a /root/.ssh/authorized_keys2 file in place, this action will overwrite it. The existing file will be saved to /root/.ssh/authorized_keys2.rpmorig.
# yum install steadfast-keys <snip> Transaction Summary ================================================================================ Install 1 Package(s) Total download size: 15 k Installed size: 10 k Is this ok [y/d/N]: y Downloading Packages: warning: /var/cache/yum/x86_64/7/steadfast/packages/steadfast-keys-20210712-1603.noarch.rpm: Header V4 RSA/SHA256 Signature, key ID 47c9d9af: NOKEY Public key for steadfast-keys-20210712-1603.noarch.rpm is not installed steadfast-keys-20210712-1603.noarch.rpm | 15 kB 00:00:00 Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-steadfast-2021 Importing GPG key 0x47C9D9AF: Userid : "Steadfast Networks (Package Signing) <support@steadfast.net>" Fingerprint: c686 fee8 1733 0bf2 71cd d566 f94c 75d8 47c9 d9af Package : steadfast-release-2-3.noarch (@steadfast) From : /etc/pki/rpm-gpg/RPM-GPG-KEY-steadfast-2021 Is this ok [y/N]: y <snip> Running Transaction Installing : steadfast-keys 1/1
Installed: steadfast-keys.noarch 0:20210712-1603 Complete!
Note that on the initial install you are prompted to import the GPG key. Verify that the key ID matches the information below:
Key ID: 47c9d9af and answer "yes". This warning will only occur once.
At this point, the Steadfast Staff Public Keys have been installed to your system at /root/.ssh/authorized_keys2. To update the keys with the most recent list, run "yum update" on your system.
Removing access
If you've been supplied a system and you would like to revoke access for the Steadfast Support Staff to your system, simply remove the steadfast-keys RPM:
# yum remove steadfast-keys <snip> Removing: steadfast-keys noarch 0:20210712-1603 installed 15 k Transaction Summary ================================================================================ Remove 1 Package(s) Installed size: 15 k Is this ok [y/N]: y <snip> Running Transaction Erasing : steadfast-keys 1/1 Removed: steadfast-keys.noarch 0:20210712-1603 Complete!
You can verify that the deinstall took place by checking if the /root/.ssh/authorized_keys2 file still exists.
|