[Mirror] Ansible Rolle zur verwaltung SSH Keys
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Lilian Roller 07b286acf1
test parameter for logs
4 days ago
.github Update Founding Info 3 weeks ago
defaults Cleanup old files 4 days ago
tasks test parameter for logs 4 days ago
templates improve usage of variables 4 months ago
vars Cleanup old files 4 days ago
LICENSE Update LICENSE Information 5 months ago
README.md Migrate all user tasks to new user manage role 4 days ago

README.md

role ssh_authorized_keys

Ansible Rolle to manage and deploy ssh keys of admin and non-admin users

combinations

It is highly recomended to use this role together with a role to manage users and to manage the sshd configuration.
The following roles are tested in combination and work well - at least for the user DO1JLR:

Protipp:

Deploy the manage_users role *before* deploying the ssh keys.
If the user does not exist it is hard to add a ssh key for him!

Variables

  • admins (default []):
    A list of ssh keys allowed to log in as root.

  • accounts (default []):
    A list of usernames that will be created on this host, if they don’t exisit

  • users (default {}):
    A dict of user names mapping to lists of ssh keys allowed to log in to the given user account.

  • ssh_public_key_store (default ssh_public_keys):
    A directory path where the public key files can be found by ansible.

For aditional variables please have a look into defaults/main.yml!

Files

This role assumes that the public parts of all required ssh keys can be found within the directory ssh_public_key_store. The file names must follow the convention: username_idalg.pub are are matched by the username part.

Examples

Alice and Bob may log in and are allowed to become root with the sudo command on this host:

admins:
  - alice
  - bob

Alice, Bob and Eve may log in to ther own user accounts via ssh:

users:
  alice:
    - alice
  eve:
    - eve@device1
    - eve@device2

Eve can do so with two different ssh keys. Alice only with his only SSH Key.

The files/ssh_public_keys/ contains the following files:

alice_id25519.pub
bob_id25519.pub
eve@device1_id25519.pub
eve@device2_id25519.pub

Alice, Bob and Eve want to be users on this host:

accounts:
  - alice
  - bob
  - eve

Generate ed25519 SSH Keys

ssh-keygen -t ed25519