Skip to content
This repository was archived by the owner on Nov 19, 2024. It is now read-only.

Improve info about managing SSH keys in Cloud Guide #8364

Merged
merged 8 commits into from
Dec 17, 2020
Merged

Improve info about managing SSH keys in Cloud Guide #8364

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
54c06f9
Fix broken link in Cloud Guide
meker12 Dec 9, 2020
5374188
Add tip for managing SSH keys on Cloud projects
meker12 Dec 9, 2020
8e975d3
Update src/_includes/cloud/enable-ssh.md
meker12 Dec 9, 2020
224707e
Fix lint error
meker12 Dec 9, 2020
1d9f528
Replace ssh-keygen instructions with link
meker12 Dec 15, 2020
2853986
Apply suggestions from code review
meker12 Dec 15, 2020
0b6e486
Merge branch 'master' into mae-fix-cloud-guide-link
meker12 Dec 17, 2020
77b844e
Merge branch 'master' into mae-fix-cloud-guide-link
meker12 Dec 17, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions src/_includes/cloud/enable-ssh.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -139,6 +139,9 @@ To add an SSH key using the CLI:
```bash
magento-cloud ssh-key:add ~/.ssh/id_rsa.pub
```

{:.bs-callout-tip}
You can list and delete SSH keys using the Magento Cloud CLI commands `magento-cloud ssh-key:list` and `magento-cloud ssh-key:delete`.

### Add a key using the Project Web Interface {#add-key-web}

Expand All @@ -165,6 +168,9 @@ To add an SSH key using the Project Web Interface:

1. Follow the prompts on your screen to complete the task.

{:.bs-callout-tip}
You can view and manage SSH keys on your account in Account settings. In the upper right corner of the Project Web interface, click click <your-user-name> > Account Settings.

## Set global Git variables

Set required global Git variables on the machine to commit or push to a Git branch. These variables set Git credentials for accessing your GitHub account.
Expand Down
12 changes: 6 additions & 6 deletions src/cloud/project/user-admin.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ You can manage access to {{site.data.var.ece}} projects by adding users and assi

## Add user authentication requirements

For added security, Magento provides project-level MFA enforcement to require two-factor authentication for SSH access to {{ site.data.var.ece }} project source code and environments. See [MFA enforcement for SSH].
For added security, Magento provides project-level MFA enforcement to require two-factor authentication for SSH access to {{ site.data.var.ece }} project source code and environments. See [Enable MFA for SSH].

When MFA enforcement is enabled on a {{site.data.var.ece}} project, all users with SSH access to an environment in that project must enable two-factor authentication (TFA) on their {{site.data.var.ece}} account. For automated processes, users must create an API token that machine users can use to authenticate from the command line. See [Enable user accounts for TFA and SSH access](#update-account-security-settings).

Expand All @@ -44,7 +44,7 @@ To add a user to a project or environment, you need the email address associated

### Manage users with the CLI {#cloud-user-mg-cli}

You can use the {{site.data.var.ece}} command line client to manage users and integrate this with any other automated system.
Use the {{site.data.var.ece}} command line client to manage users and integrate this with any other automated system.

Available commands:

Expand Down Expand Up @@ -175,17 +175,17 @@ After you add a user to a Cloud project, ask the user to review their account se

- Enable two-factor authentication (TFA)

Magento recommends adding two-factor authentication to all accounts to meet security and compliance standards. Projects configured with [MFA enforcement][] require two-factor authentication for all accounts that require SSH access to {{site.data.var.ece}} projects.
Magento recommends adding two-factor authentication to all accounts to meet security and compliance standards. Projects configured with [MFA enforcement][Enable MFA for SSH] require two-factor authentication on accounts that use SSH to access the projects.

- Enable SSH keys

Users that require access to {{site.data.var.ece}} source code repositories and infrastructure must enable SSH keys on their account. See [Enable SSH keys][].

- Create an API token

You can generate an API token on your account that can be used for secure SSH access to an environment. You need the token to enable authentication workflows for automated processes.
Users can generate an API token that can be used for secure SSH access to an environment. You need the token to enable authentication workflows for automated processes.

On projects with MFA enforcement enabled, you must use the API token to authenticate SSH access requests from automated accounts to bypass authentication workflows which require two-factor authentication.
On projects with MFA enforcement enabled, you must use the API token to authenticate SSH access requests from automated accounts. The token allows automated processes to bypass authentication workflows which require two-factor authentication.

### Enable TFA for Cloud accounts

Expand Down Expand Up @@ -319,5 +319,5 @@ To create an API token:
[FreeOTP (Android)]: https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp
[GAuth Authenticator (Firefox OS, desktop, others)]: https://github.com/gbraad/gauth
[Google Authenticator (Android/iPhone/BlackBerry)]: https://support.google.com/accounts/answer/1066447?hl=en
[MFA enforcement]: {{ site.baseurl }}/cloud/project/project-enable-mfa-enforcement.html
[Enable MFA for SSH]: {{ site.baseurl }}/cloud/project/project-enable-mfa-enforcement.html
[snapshots]: {{ site.baseurl }}/cloud/project/project-webint-snap.html