TJ CSL
  • TJ CSL
  • Services
    • Ion
      • Development
        • Overview
        • Setup
          • Docker Setup
          • Vagrant Setup
        • Environment
        • Fixtures
        • PR Workflow
        • Style Guide
        • Maintainer Workflow
        • Repository Maintenance
        • Data Generation
      • Production
      • User Experience
        • User Interface
    • Director
      • Development
        • Vagrant Setup
        • PR Workflow
        • Style Guide
        • Maintainer Workflow
      • Production
    • Workstations
    • Signage
      • Setup
      • Administration
      • Monitoring
      • Troubleshooting
      • Experimental
        • IonTap
        • SignageAdmin
    • Remote Access
      • Setup
      • Administration
    • Cluster
      • FAQ
      • Setup
        • SSH Setup
      • Administration
      • Slurm
      • Slurm Administration
      • Borg
    • Printing
      • Setup
      • Troubleshooting
    • WWW
      • Administration
      • Sites
        • Web Proxy
      • Setup
      • Troubleshooting
    • Academic Services
      • Tin
      • Othello
        • Administration
        • Setup
  • Technologies
    • Web
      • Nginx
      • Django
      • PHP-FPM
      • Node.js
      • Supervisord
    • DBs
      • PostgreSQL
      • MySQL
    • Authentication
      • Passcard
        • GPG Usage
      • SSHD
        • SSH Passwordless Login
      • FreeIPA
    • Storage
      • NFS
      • Ceph
        • Setup
        • Backups
        • CephFS
    • Operating Systems
      • Ubuntu Server
      • AlmaLinux
      • Debian
    • Tools
      • Ansible
      • Slack
      • GitBook
      • GitLab
        • Setup
        • Updating
    • Virtualization
      • QEMU/KVM
      • Libvirt
    • Advanced Computing
      • MPI
      • Tensorflow
    • Networking
      • Netbox
      • Cisco
      • Netboot
      • DNS
      • DHCP
      • NTP
      • BGP
    • Mail
      • Postfix
      • Dovecot
    • Monitoring
      • Prometheus
      • Grafana
      • Sentry
      • Uptime Robot
  • Machines
    • VM Servers
      • Utonium
      • Blossom
      • Bubbles
      • Buttercup
      • Antipodes
      • Chatham
      • Cocos
      • Galapagos
      • Gandalf
      • Gorgona
      • Overlord
      • Waverider
      • Torch
    • Ceph
      • Karel
      • Stobar
      • Wumpus
      • Waitaha
      • Barrel
      • Valdes
    • HPC Cluster
      • Zoidberg
    • Borg Cluster
    • Compute Sticks
    • Other
      • ASM
      • Duke
      • Snowy
      • Sauron
      • Sun Servers
        • Altair
        • Centauri
        • Deneb
        • Sirius
        • Vega
        • Betelgeuse
        • Ohare
    • Switches
      • Core0
      • Xnor
      • Xor
      • Imply
    • UPS
    • History
      • 2008 Sun AEG
      • 2011 Sun Upgrades
      • 2017 VM Disaster
      • 2018 Purchases
      • 2018 Cephpocalypse
    • VLANs
    • Remote Management
      • iLO
      • LOMs
    • Understudy
      • Switch Configuration
      • Server Configuration
        • Setting Up the Operating System
        • Network Configuration
        • Saruman
        • Fiordland
  • General
    • Sysadmins List
    • Organization
    • Documentation
      • Security
      • Runbooks
    • Communication
      • Terminology
    • Understudies
    • Account Structure
    • Machine Room
    • Branding
    • History
      • Fridge
      • The Brick
  • Procedures
    • Data Recovery
    • Account Provisioning
    • tjSTAR
      • Tech Support
    • Onboarding
      • New Sysadmin Onboarding
  • Guides
    • VM Creation
    • sshuttle Usage
    • Linux Wifi Setup
    • VNC Usage
    • Password Changes
    • Sun Server RAID Configuration
  • Policies
    • Data Release Policy
    • Upgrade Policy
    • Account Policy
    • Election Policy
  • Obsolete
    • Arcturus
    • Chuku
    • Cray SV1 Supercomputer
    • Ekhi
    • Mihr
    • Moloch
    • Sol
    • Rockhopper
    • Kerberos
    • LDAP
    • Agni
    • Moon
    • Apocalypse
    • AFS
      • OpenAFS
      • Setup
      • Client Setup
      • Administration
      • Troubleshooting
      • Directory Structure
      • Backups
      • Cross-Cell Authentication
    • Observium
    • OpenVPN
Powered by GitBook
On this page
  • Requirements
  • Accessing the Passcard
  • Using the Passcard
  1. Technologies
  2. Authentication

Passcard

PreviousAuthenticationNextGPG Usage

Last updated 1 year ago

The CSL passcard contains the root passwords for all CSL systems. The passcard is maintained in a git repository hosted on GitLab. The repository is maintained by the lead Sysadmins and any questions, concerns or bug reports should be directed to them.

Requirements

To use the passcard system, you must have the following:

  • Git

  • GPG

  • A GPG key

    • If you are using the official CSL passcard, the public key should be signed by a lead Sysadmin or by someone with all the lead Sysadmins in their trustnet and also stored on a public keyserver.

  • Python3

    • To use the wrapper script

Accessing the Passcard

The git repository is accessible via GitLab at . To clone the repository, run the following command: git clone git@gitlab.tjhsst.edu:sysadmins/keybase-passcard.git. You can clone it from outside the TJ network, but to access the passcard repository you MUST have a GitLab account.

Using the Passcard

The passcard git repository has a wrapper script (passcard.py) along with GPG encrypted passwords individually encrypted in the passwords folder. Since the passwords are individually encrypted, each password is encrypted with the keys of the people who should have access to it. For example, somebody can have access to 's password without having access to 's password. You can use gpg yourself and decrypt these passwords, or you can use the wrapper script which does it all for you.

For help with the wrapper script, run it without any arguments. Here are the commands you can use:

./passcard.py get antipodes will show you the decrypted password for antipodes and antipodes-ilo (to use most commands, you must have gpg installed with your private key imported).

./passcard.py dump will make a nice, two-column passcard to stdout of all the passwords you have access to.

./passcard.py addkey antipodes "Chris Reffett" will add Chris Reffett's public key to the antipodes passcard so he can then decrypt it.

./passcard.py add will give you an interface for adding a new passcard.

Changes to the passcard locally will be pushed automatically by the script to the GitLab repository.

There is also a file sysadmin_keys.txt in the repository that contains GPG keys for each of the Sysadmins, as well as the faculty sponsor. Import them at your own risk, but if you wish to import all of them, you can do that with cat sysadmin_keys.txt | grep -v '#' | grep -Po "0x[0-9A-Za-z]+" | xargs gpg --recv-keys on a Linux system.

gitlab.tjhsst.edu/sysadmins/passcard
Core0
Waitaha