Libera:SSH

From Werewolf Wiki
Jump to navigation Jump to search

This page is for #werewolf ops on libera, for SSH access to the lykos bot instance. If you are not a #werewolf op, there is nothing of interest here.

Initial Setup

  1. Poke moonmoon on IRC to establish an account for you. He will give you an "email" (you will not be able to send or receive actual email using this address) and temporary password.
    • Notes for moonmoon: The First Name, Last Name, and Email Address fields are required when creating the account. Create the account with an expired password, add the account to the MFAEnabled AD group, manually run the directory sync in Duo, and add the email to the lykos group in the Tailscale ACL.
  2. Log into https://skiznet.login.duosecurity.com with the email and password provided. You will be prompted to change your password. Please choose something secure and unique and store it in a password manager.
  3. Enroll a device in Duo, for example via the Duo Mobile app (iOS / Android). If you choose the "I have a tablet" option, you will be able to enroll the app without needing to enter any phone numbers. Alternatively, you can enroll a phone number (for calls and/or SMS), a YubiKey, or any device that supports WebAuthn/U2F.
  4. Install Tailscale. Log in using the "email" given in step 1 and the password you set in step 2.
  5. It is recommended that you disable incoming connections via Tailscale, do not use Tailscale's DNS settings, and do not accept any routes provided by Tailscale.
    • On Linux, accomplish this by running sudo tailscale up --shields-up --accept-dns=false --accept-routes=false. These flags are not persisted between calls to tailscale up, so ensure you specify them each time you run that command.
    • On Windows and macOS these settings are available by clicking the Tailscale icon in the system tray or menu bar. Uncheck all of the various features found in the Preferences section.
    • Changing these settings is currently not possible using Android or iOS. Instead, only actively connect to the Tailscale VPN when you need to make use of SSH and disconnect once you are done.

Connecting

  1. Log into Tailscale on the device if you haven't already. You will need to re-authenticate every 180 days.
  2. SSH to lykos@ssh.werewolf.chat. You do not need to provide any password or have any particular SSH key present on your device; Tailscale handles the authentication instead.
Retrieved from "https://werewolf.chat/w/index.php?title=Libera:SSH&oldid=1842"