[Mirror] Ansible Rolle zur verwaltung SSH Keys
L3D d1702c52f8
Update main.yml
6 days ago
defaults Update main.yml 6 days ago
files/home_environment some more or **less** usefull aditions 5 months ago
tasks improve role 3 weeks ago
templates improve role 3 weeks ago
vars improve and bugfix ssh auth 1 month ago
README.md more dynamic configuration 1 month ago

README.md

role-ssh_authorized_keys

Ansible Rolle to setup users and deploy your ssh keys

Variables

  • admins (default []):
    A list of ssh keys allowed to log in as root.

  • accounts (defailt []):
    A list of usernames theat will be created on this host, if they don’t exisit

  • users (default {}):
    A dict of user names mapping to lists of ssh keys allowed to log in to the given user account.

  • ssh_public_key_store (default ssh_public_keys):
    A directory path where the public key files can be found by ansible.

For aditional variables please have a look into defaults/main.yml!

Files

This role assumes that the public parts of all required ssh keys can be found within the directory ssh_public_key_store. The file names must follow the convention: username_idalg.pub are are matched by the username part.

Examples

Alice and Bob may log in and are allowed to become root with the sudo command on this host:

admins:
  - alice
  - bob

Alice, Bob and Eve may log in to ther own user accounts via ssh:

users:
  alice:
    - alice
  eve:
    - eve@device1
    - eve@device2

Eve can do so with two different ssh keys. Alice only with his only SSH Key.

The files/ssh_public_keys/ contains the following files:

alice_id25519.pub
bob_id25519.pub
eve@device1_id25519.pub
eve@device2_id25519.pub

Alice, Bob and Eve want to be users on this host:

accounts:
  - alice
  - bob
  - eve

Generate ed25519 SSH Keys

ssh-keygen -t ed25519