[Mirror] Ansible Rolle zur verwaltung SSH Keys
Du kannst nicht mehr als 25 Themen auswählen Themen müssen entweder mit einem Buchstaben oder einer Ziffer beginnen. Sie können Bindestriche („-“) enthalten und bis zu 35 Zeichen lang sein.


role ssh_authorized_keys

Ansible Rolle to manage and deploy ssh keys of admin and non-admin users


It is highly recomended to use this role together with a role to manage users and to manage the sshd configuration.
The following roles are tested in combination and work well - at least for the user DO1JLR:


Deploy the manage_users role *before* deploying the ssh keys.
If the user does not exist it is hard to add a ssh key for him!


  • admins (default []):
    A list of ssh keys allowed to log in as root.

  • accounts (default []):
    A list of usernames that will be created on this host, if they don’t exisit

  • users (default {}):
    A dict of user names mapping to lists of ssh keys allowed to log in to the given user account.

  • ssh_public_key_store (default ssh_public_keys):
    A directory path where the public key files can be found by ansible.

For aditional variables please have a look into defaults/main.yml!

To add extra SSH Keys from github to a user use the github_users: {} settings


This role assumes that the public parts of all required ssh keys can be found within the directory ssh_public_key_store. The file names must follow the convention: username_idalg.pub are are matched by the username part.


Alice and Bob may log in and are allowed to become root with the sudo command on this host:

  - alice
  - bob

Alice, Bob and Eve may log in to ther own user accounts via ssh:

    - alice
    - eve@device1
    - eve@device2

Eve can do so with two different ssh keys. Alice only with his only SSH Key.

The files/ssh_public_keys/ contains the following files:


Alice, Bob and Eve want to be users on this host:

  - alice
  - bob
  - eve

Add ssh keys from github user DO1JLR for local user L3D

    - do1jlr

Generate ed25519 SSH Keys

ssh-keygen -t ed25519