db-lab bastion hosts

For a user to login to the db-lab hosts, a user’s ssh key needs to be in the chef-repo users data_bags, and the groups should include db-lab role.

"groups": [
    "db-lab"
]

If the user’s ssh key is not present in the data bags this runbook explains how to add ssh keys to the chef-repo. NOTE: an access request is required when adding ssh keys to the chef-repo.

Add the following to your ~/.ssh/config (specify your username and path to ssh private key):

Host lb-bastion.db-lab.gitlab.com
  User                            YOUR_SSH_USERNAME
  IdentityFile                    ~/.ssh/id_rsa


Host *.gitlab-db-lab.internal
        User                            YOUR_SSH_USERNAME
        PreferredAuthentications        publickey
        IdentityFile                    ~/.ssh/id_rsa
        ProxyCommand                    ssh lb-bastion.db-lab.gitlab.com -W %h:%p

Once your config is in place, test it by connecting via SSH to the bastion host:

ssh lb-bastion.db-lab.gitlab.com

db-lab bastion hosts

How to configure ssh login