Connect to a server (SSH)

One-time setup

Ask a systems administrator to add your public SSH key to the relevant ssh list in the server’s Pillar file.

On machines running Docker, use SSH as usual. For example:

ssh USER@collect.kingfisher.open-contracting.org

These machines include:

credere.open-contracting.org data.open-contracting.org

redash.open-contracting.org *.kingfisher.open-contracting.org

On machines not running Docker, the SSH port is closed by default. The easiest way to open it depends on whether your IP address is dynamic or static.

Dynamic IP: Port knock

To open the SSH port for 30 seconds, send traffic to port 8255, replacing example.open-contracting.org with the server you want to connect to:

curl --silent --connect-timeout 1 example.open-contracting.org:8255 || true

You can then use ssh as usual. Once you’re connected, the server will close the port, but not your connection.

Note

Port 8255 returns no data. Without --connect-timeout 1, curl waits forever for a response.

Static IP: Allow list

1. Add your IP address(es) to the ssh_ipv4 and ssh_ipv6 list(s) in the common private Pillar file

2. Add your full name in a comment

3. Deploy all services

If you’re unsure, contact sysadmin@open-contracting.org.