From c9c413ed7f3c7836793c1334e06a005f79a7b7ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lesimple?= Date: Wed, 27 Apr 2022 14:05:28 +0000 Subject: [PATCH] doc: add note about root access for installation --- doc/sphinx/installation/basic.rst | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/doc/sphinx/installation/basic.rst b/doc/sphinx/installation/basic.rst index 137528a..552066b 100644 --- a/doc/sphinx/installation/basic.rst +++ b/doc/sphinx/installation/basic.rst @@ -66,9 +66,20 @@ Great care has been taken to write secure, tested code, but of course this is wo is a hacker highway. Ensuring that all the layers below the bastion code (the operating system and the hardware it's running on) is your job. +2. Connect to your server as root +================================= + +You'll need to be connected to your server as root to perform the installation. If you're using root password +authentication through SSH to do so, note that during the installation, as the SSH server configuration +will be hardened, the SSH password authentication will be disabled server-wide. + +Hence, to access your server, please set up an SSH public key authentication instead of a password authentication, +and do so before proceeding with the next steps. Otherwise you might lose access to your own server once the +SSH hardening will be in effect, as password authentication will then be disabled. + .. _install-basic_get-the-code: -2. Get the code +3. Get the code =============== The bastion code usually lives under ``/opt/bastion``. @@ -97,7 +108,7 @@ You should end up with directories such as ``bin``, ``lib``, etc. directly under .. _install-basic_install-packages: -3. Install the needed packages +4. Install the needed packages ============================== For the supported Linux distros (see above), you can simply run: @@ -132,7 +143,7 @@ you'll also need to install the ``yubico-piv-checker`` `helper tool