FFBSee
/
role-ssh_authorized_keys
kopie van https://github.com/ffbsee/role-ssh_authorized_keys.git
Volgen 9
Ster 0
Vork 0
Code Kwesties 0 Publicaties 0 Wiki Activiteit
[Mirror] Ansible Rolle zur verwaltung SSH Keys
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
55 Commits
3 Branches
Branch: master
Branches Labels
${ item.name }
Maak branch ${ searchTerm }
van 'master'
${ noResults }
role-ssh_authorized_keys/README.md

README.md 2.6KB
Ruw Permalink Normal View Geschiedenis

Update README with ideas for new user management
1 jaar geleden
Update README.md
2 jaren geleden
Update README with ideas for new user management
1 jaar geleden
Update README.md
2 jaren geleden
Update README with ideas for new user management
1 jaar geleden
Migrate all user tasks to new user manage role
1 jaar geleden
Update README with ideas for new user management
1 jaar geleden
Update README.md
2 jaren geleden
Migrate all user tasks to new user manage role
1 jaar geleden
Update README.md
2 jaren geleden
Rewrite role
1 jaar geleden
Improve README
1 jaar geleden
Rewrite role
1 jaar geleden
Update README with ideas for new user management
1 jaar geleden
Rewrite role
1 jaar geleden
Improve README
1 jaar geleden
Rewrite role
1 jaar geleden
Improve README
1 jaar geleden
Rewrite role
1 jaar geleden
more dynamic configuration
1 jaar geleden
Rewrite role
1 jaar geleden
Add new mechanismeus: github keys It is now possible to add useres via github username \o/
1 jaar geleden
Rewrite role
1 jaar geleden
enable adding normal users
2 jaren geleden
Update README.md
2 jaren geleden
Rewrite role
1 jaar geleden
Update README.md
2 jaren geleden
Rewrite role
1 jaar geleden
Update README.md
2 jaren geleden
Rewrite role
1 jaar geleden
Update README.md
2 jaren geleden
Fix typo in README
4 maanden geleden
Rewrite role
1 jaar geleden
Improve README
1 jaar geleden
Add new mechanismeus: github keys It is now possible to add useres via github username \o/
1 jaar geleden
Improve README
1 jaar geleden
Update README.md
2 jaren geleden
Rewrite role
1 jaar geleden
Update README.md
2 jaren geleden
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101 
  1.  role ssh_authorized_keys

  2. ==============================

  3. Ansible Rolle to manage and deploy ssh keys of admin and non-admin users

  4. 

  5.  combinations

  6. ---------------

  7. It is highly recomended to use this role together with a role to manage users and to manage the sshd configuration.<br/>

  8. The following roles are tested in combination and work well - at least for the user [DO1JLR](https://github.com/do1jlr):

  9.  - [github.com/chaos-bodensee/role-manage_users](https://github.com/chaos-bodensee/role-manage_users.git)

  10.  - [github.com/chaos-bodensee/role-ssh_authorized_keys](https://github.com/chaos-bodensee/role-ssh_authorized_keys.git) *(this one)*

  11.  - [github.com/chaos-bodensee/role_sshd](https://github.com/chaos-bodensee/role_sshd.git)

  12. 

  13. ```txt

  14. Protipp:

  15. 

  16. Deploy the manage_users role *before* deploying the ssh keys.

  17. If the user does not exist it is hard to add a ssh key for him!

  18. ```

  19. 

  20.  Variables

  21. ---------

  22. 

  23. * ``admins`` (default ``[]``):<br/>

  24.   A list of ``ssh`` keys allowed to log in as `root`.

  25. 

  26. * ``accounts`` (default ``[]``):<br/>

  27.   A list of usernames that will be created on this host, if they don't exisit

  28. 

  29. * `users` (default `{}`):<br/>

  30.   A dict of user names mapping to lists of ``ssh`` keys

  31.   allowed to log in to the given user account.

  32. 

  33. * ``ssh_public_key_store`` (default ``ssh_public_keys``):<br/>

  34.   A directory path where the public key files can be found by ansible.

  35. 

  36. For aditional variables please have a look into ``defaults/main.yml``!

  37. 

  38. To add extra SSH Keys from github to a user use the ``github_users: {}`` settings

  39. 

  40.  Files

  41. -----

  42. 

  43. This role assumes that the *public* parts of all required ``ssh`` keys

  44. can be found within the directory ``ssh_public_key_store``. The file

  45. names must follow the convention: ``username_idalg.pub`` are are matched

  46. by the ``username`` part.

  47. 

  48. 

  49.  Examples

  50. --------

  51. 

  52. Alice and Bob may log in and are allowed to become ``root`` with the ``sudo`` command on this host:

  53. 

  54. ```

  55. admins:

  56.   - alice

  57.   - bob

  58. ```

  59. 

  60. Alice, Bob and Eve may log in to ther own user accounts via ssh:

  61. ```

  62. users:

  63.   alice:

  64.     - alice

  65.   eve:

  66.     - eve@device1

  67.     - eve@device2

  68. ```

  69. Eve can do so with two different `ssh` keys. Alice only with his only SSH Key.

  70. 

  71. 

  72. The `files/ssh_public_keys/` contains the following files:

  73. 

  74. ```

  75. alice_ed25519.pub

  76. bob_ed25519.pub

  77. eve@device1_ed25519.pub

  78. eve@device2_ed25519.pub

  79. ```

  80. 

  81. Alice, Bob and Eve want to be users on this host:

  82. ```

  83. accounts:

  84.   - alice

  85.   - bob

  86.   - eve

  87. ```

  88. 

  89. Add ssh keys from github user ``DO1JLR`` for local user L3D

  90. ```

  91. github_users:

  92.   l3d:

  93.     - do1jlr

  94. ```

  95.  Generate ed25519 SSH Keys

  96. --------------------------------

  97. 

  98. ```bash

  99. ssh-keygen -t ed25519

  100. ```

  101.