[Mirror] Ansible role for managing SSH keys
role ssh_authorized_keys
==============================

Ansible role to manage and deploy SSH keys of admin and non-admin users.

combinations
---------------

It is highly recommended to use this role together with a role to manage users and a role to manage the sshd configuration.<br/>
The following roles are tested in combination and work well - at least for the user [DO1JLR](https://github.com/do1jlr):

- [github.com/chaos-bodensee/role-manage_users](https://github.com/chaos-bodensee/role-manage_users.git)
- [github.com/chaos-bodensee/role-ssh_authorized_keys](https://github.com/chaos-bodensee/role-ssh_authorized_keys.git) *(this one)*
- [github.com/chaos-bodensee/role_sshd](https://github.com/chaos-bodensee/role_sshd.git)

```txt
Pro tip:
Deploy the manage_users role *before* deploying the ssh keys.
If the user does not exist it is hard to add an ssh key for them!
```

Variables
---------

* ``admins`` (default ``[]``):<br/>
  A list of ``ssh`` keys allowed to log in as `root`.
* ``accounts`` (default ``[]``):<br/>
  A list of usernames that will be created on this host if they don't exist.
* `users` (default `{}`):<br/>
  A dict of user names mapping to lists of ``ssh`` keys
  allowed to log in to the given user account.
* ``ssh_public_key_store`` (default ``ssh_public_keys``):<br/>
  A directory path where the public key files can be found by Ansible.

For additional variables please have a look into ``defaults/main.yml``!

To add extra SSH keys from GitHub to a user, use the ``github_users: {}`` setting.

Files
-----

This role assumes that the *public* parts of all required ``ssh`` keys
can be found within the directory ``ssh_public_key_store``. The file
names must follow the convention ``username_idalg.pub`` and are matched
by the ``username`` part.

Examples
--------

Alice and Bob may log in and are allowed to become ``root`` with the ``sudo`` command on this host:

```
admins:
  - alice
  - bob
```

Alice, Bob and Eve may log in to their own user accounts via ssh:

```
users:
  alice:
    - alice
  eve:
    - eve@device1
    - eve@device2
```

Eve can do so with two different `ssh` keys. Alice can do so only with a single SSH key.

The directory `files/ssh_public_keys/` contains the following files:

```
alice_ed25519.pub
bob_ed25519.pub
eve@device1_ed25519.pub
eve@device2_ed25519.pub
```

Alice, Bob and Eve want to be users on this host:

```
accounts:
  - alice
  - bob
  - eve
```

Add SSH keys from the GitHub user ``DO1JLR`` for the local user L3D:

```
github_users:
  l3d:
    - do1jlr
```
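
A pre-deployment check of the key store against the variables shown above, as an added example that is not part of this role's code. It assumes the algorithm suffix is whatever follows the last underscore and that entries in `admins` and `users` name the part before it; the function names, `carol_rsa.pub` and `notes.txt` are hypothetical.

```python
from pathlib import Path

def parse_key_filename(file_name):
    """Split 'name_idalg.pub' into (name, idalg); None if it does not fit."""
    if not file_name.endswith(".pub"):
        return None
    # Assumption: the algorithm is the text after the LAST underscore,
    # so a key name that itself contains '_' still parses.
    name, sep, idalg = file_name[:-len(".pub")].rpartition("_")
    if not sep or not name or not idalg:
        return None
    return name, idalg

def audit_key_store(file_names, admins, users):
    """Compare key names referenced in the role variables with the store."""
    available, malformed = {}, []
    for file_name in sorted(file_names):
        parsed = parse_key_filename(file_name)
        if parsed is None:
            malformed.append(file_name)
        else:
            available.setdefault(parsed[0], []).append(file_name)
    referenced = set(admins)
    for key_names in users.values():
        referenced.update(key_names)
    return {
        # Referenced in admins/users but no public key file to deploy.
        "missing": sorted(referenced - set(available)),
        # Key files that no variable references: candidates for review.
        "unreferenced": sorted(f for name, files in available.items()
                               if name not in referenced for f in files),
        # Files that do not follow the name_idalg.pub convention.
        "malformed": malformed,
    }

def audit_directory(store_dir, admins, users):
    """Run the same check against a real ssh_public_key_store directory."""
    names = [p.name for p in Path(store_dir).iterdir() if p.is_file()]
    return audit_key_store(names, admins, users)

# Constructed sample: the README's variables, one key file left out,
# plus two extra files that are not from the README.
SAMPLE_FILES = ["alice_ed25519.pub", "bob_ed25519.pub",
                "eve@device1_ed25519.pub", "carol_rsa.pub", "notes.txt"]
SAMPLE_ADMINS = ["alice", "bob"]
SAMPLE_USERS = {"alice": ["alice"], "eve": ["eve@device1", "eve@device2"]}

if __name__ == "__main__":
    print(audit_key_store(SAMPLE_FILES, SAMPLE_ADMINS, SAMPLE_USERS))
```

On the constructed sample the report lists `eve@device2` as missing, `carol_rsa.pub` as unreferenced and `notes.txt` as malformed.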

Generate ed25519 SSH Keys
--------------------------------

```bash
ssh-keygen -t ed25519
```