l3d.auth

Ansible Role: Auth

This Ansible role helps you manage and set up SSH keys for both admin and non-admin users on Linux systems.

Intended Use

This role places the correct SSH public keys for the right users based on your settings. It works together with other roles that create users and groups, set up the SSH daemon (sshd), and install helpful packages.

Suggested Roles for Managing Your Linux Hosts:

Important Note:

The roles use the same settings to create user accounts, but they need to be applied in the right order. For example, you must create a user before you can add their SSH key.

Variables

  • admins (default: []): A list of SSH keys that can log in as root.

  • accounts (default: []): A list of usernames that will be created on the host if they don't already exist.

  • users (default: {}): A dictionary mapping user names to their allowed SSH keys for logging into their accounts.

  • ssh_public_key_store (default: ssh_public_keys): Directory where public key files are located.

For more variables, check out defaults/main.yml.

To add extra SSH keys from GitHub to a user, use the github_users: {} setting.

Files

This role expects the public parts of SSH keys to be stored in the directory specified by ssh_public_key_store. The files should be named in a format like username_idalg.pub, where username matches the user for whom the key is meant.

Examples

To allow Alice and Bob to log in and have root access using sudo:

admins:
  - alice
  - bob

To enable Alice, Bob, and Eve to log into their personal accounts via SSH:

users:
  alice:
    - alice
  eve:
    - eve@device1
    - eve@device2

This means Eve can log in using two different SSH keys, while Alice uses just one.

The directory files/ssh_public_keys/ should contain these files:

alice_ed25519.pub
bob_ed25519.pub
eve@device1_ed25519.pub
eve@device2_ed25519.pub
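
A pre-flight check for this layout, as an added example that is not part of the role: it compares the key names referenced in admins and users with the files in the key store, and flags files that are not well-formed public keys or that contain private key material. The function names are hypothetical, and the mapping of a key name to <name>_<alg>.pub is an assumption based on the naming format described above; the sample store and its dummy key bytes are constructed.

```python
import base64
import struct
import tempfile
from pathlib import Path


def parse_pubkey(line):
    """Return the key type if `line` is a well-formed OpenSSH public key, else None."""
    parts = line.split()
    try:
        blob = base64.b64decode(parts[1], validate=True)
        (n,) = struct.unpack(">I", blob[:4])
    except (IndexError, ValueError, struct.error):
        return None
    # The decoded blob starts with a length-prefixed copy of the key type.
    return parts[0] if blob[4:4 + n] == parts[0].encode() else None


def audit_key_store(store, admins, users):
    """Compare key names referenced in the role variables with the key store."""
    wanted = set(admins) | {k for keys in users.values() for k in keys}
    found, invalid = set(), []
    for path in sorted(Path(store).glob("*.pub")):
        name = path.stem.rsplit("_", 1)[0]  # assumed layout: <name>_<alg>.pub
        found.add(name)
        text = path.read_text(errors="replace")
        # A private key saved under a .pub name must never be deployed.
        if "PRIVATE KEY" in text or parse_pubkey(text) is None:
            invalid.append(path.name)
    return {"missing": sorted(wanted - found),
            "unreferenced": sorted(found - wanted),
            "invalid": invalid}


def demo():
    """Run the audit on a constructed store; the key bytes are dummies."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)
    good = "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed\n"
    with tempfile.TemporaryDirectory() as store:
        for fname in ("alice_ed25519.pub", "eve@device1_ed25519.pub", "mallory_ed25519.pub"):
            Path(store, fname).write_text(good)
        Path(store, "bob_ed25519.pub").write_text("-----BEGIN OPENSSH PRIVATE KEY-----\n")
        return audit_key_store(store, ["alice", "bob"],
                               {"alice": ["alice"], "eve": ["eve@device1", "eve@device2"]})


if __name__ == "__main__":
    print(demo())
```

An "unreferenced" entry is a key file that no variable uses; review it before it is reused by a later change to admins or users.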

To create user accounts for Alice, Bob, and Eve:

accounts:
  - alice
  - bob
  - eve

To add SSH keys for the GitHub user DO1JLR to the local user L3D:

github_users:
  l3d:
    - do1jlr

Generate ed25519 SSH Keys

To create ed25519 SSH keys, run:

ssh-keygen -t ed25519

About the project

Ansible role to manage and deploy SSH keys of admin and non-admin users

Install
ansible-galaxy install l3d.auth
License
MIT
Downloads
287
Owner
Ansible roles provide a framework for fully independent, or interdependent collections of variables, tasks, files, templates & modules. Here we maintain some. Enjoy.