[Mirror] Ansible role for managing SSH keys
L3D bf16a2583f
Fix typo in README
2 months ago
.github Fix typo in README 2 months ago
defaults Add new mechanism: github keys 1 year ago
tasks update versionscheck 2 months ago
templates improve usage of variables 1 year ago
vars Create only change if not using github ssh keys 11 months ago
LICENSE Update LICENSE Information 1 year ago
README.md Fix typo in README 2 months ago

README.md

role ssh_authorized_keys

Ansible role to manage and deploy SSH keys of admin and non-admin users

combinations

It is highly recommended to use this role together with a role to manage users and a role to manage the sshd configuration.
The following roles are tested in combination and work well - at least for the user DO1JLR:

Pro tip:

Deploy the manage_users role *before* deploying the SSH keys.
If the user does not exist, it is hard to add an SSH key for them!

Variables

  • admins (default []):
    A list of ssh keys allowed to log in as root.

  • accounts (default []):
    A list of usernames that will be created on this host if they don’t exist.

  • users (default {}):
    A dict of user names mapping to lists of ssh keys allowed to log in to the given user account.

  • ssh_public_key_store (default ssh_public_keys):
    A directory path where the public key files can be found by ansible.

For additional variables, please have a look at defaults/main.yml!

To add extra SSH keys from GitHub to a user, use the github_users: {} setting.

Files

This role assumes that the public parts of all required SSH keys can be found within the directory ssh_public_key_store. The file names must follow the convention username_idalg.pub and are matched by the username part.

Examples

Alice and Bob may log in and are allowed to become root with the sudo command on this host:

admins:
  - alice
  - bob

Alice, Bob and Eve may log in to their own user accounts via SSH:

users:
  alice:
    - alice
  eve:
    - eve@device1
    - eve@device2

Eve can do so with two different SSH keys. Alice can do so only with a single SSH key.

The directory files/ssh_public_keys/ contains the following files:

alice_ed25519.pub
bob_ed25519.pub
eve@device1_ed25519.pub
eve@device2_ed25519.pub
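
A pre-deployment check for the naming convention described under Files, as an added example that is not part of the role: it compares the key names referenced in admins and users with the files in the key store and checks that a key line is a well-formed Ed25519 public key. Splitting the file name at the last underscore is an assumption about how the name part is delimited; the sample data is constructed from the values in this README, and github_users is not covered.

```python
import base64
import struct

# Constructed sample: variables and file names taken from this README's examples.
ADMINS = ["alice", "bob"]
USERS = {"alice": ["alice"], "eve": ["eve@device1", "eve@device2"]}
STORE_FILES = ["alice_ed25519.pub", "bob_ed25519.pub",
               "eve@device1_ed25519.pub", "eve@device2_ed25519.pub"]


def key_name(filename):
    """Return the name part of '<name>_<alg>.pub', or None if it does not fit."""
    if not filename.endswith(".pub") or "_" not in filename:
        return None
    # Assumption: the name is everything before the last underscore.
    return filename[: -len(".pub")].rsplit("_", 1)[0]


def audit_store(admins, users, filenames):
    """Compare key names referenced by the variables with the files present."""
    referenced = set(admins) | {k for keys in users.values() for k in keys}
    present = {key_name(f) for f in filenames} - {None}
    return {
        "missing": sorted(referenced - present),        # referenced, no file
        "unreferenced": sorted(present - referenced),   # file, never referenced
        "malformed": sorted(f for f in filenames if key_name(f) is None),
    }


def is_ed25519_pubkey(line):
    """True if the line is '<type> <base64> [comment]' with an Ed25519 public key."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-ed25519":
        return False
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except ValueError:
        return False
    # Blob layout: uint32 length + b"ssh-ed25519", then uint32 length + 32 key bytes.
    if len(blob) != 4 + 11 + 4 + 32:
        return False
    (type_len,) = struct.unpack(">I", blob[:4])
    (key_len,) = struct.unpack(">I", blob[15:19])
    return type_len == 11 and blob[4:15] == b"ssh-ed25519" and key_len == 32


if __name__ == "__main__":
    print(audit_store(ADMINS, USERS, STORE_FILES))
```

Files reported as unreferenced are worth reviewing when someone leaves the team, and a line that fails is_ed25519_pubkey (for example a private key saved under a .pub name) should never reach the key store.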

Alice, Bob and Eve want to be users on this host:

accounts:
  - alice
  - bob
  - eve

Add SSH keys from GitHub user DO1JLR for local user L3D:

github_users:
  l3d:
    - do1jlr

Generate ed25519 SSH Keys

ssh-keygen -t ed25519