ssh-authorize
cans.ssh-authorize
A simple role to setup SSH authorization on user account in bulk
Given a directory (public_keys
by default) that contains a set of
files each containing a public key, merges those files to produce the
~/.ssh/authorized_keys
file on the remote user account.
The actual file created depends on the value of several variables:
"{{sshauthz_homes_dir}}/{{sshauthz_user}}/{{sshauthz_ssh_config_dirname}}/{{sshauthz_authorized_keys_filename}}"
Which allows for fairly particualar setup if needed. But of course default value for those variable should be applicable for most setups.
Note: As this role operates in a quite blunt fashion, for efficiency reasons, to avoid locking you out of the machine, this role offers a mecanism to check you key exists in the source directory
Requirements
This role has no particular requirements.
Role variables
Defaults
- `sshauthz_homes_dir: base directory for user accounts on the remote host (default: "/home")
sshauthz_user
: the remote account for which set authorizations (default: "{{ansible_user_id}}")sshauthz_ssh_config_dirname
: (default: ".ssh")sshauthz_authorized_keys_filename
: Name of the authorization file on the remote host (default: "authorized_keys")sshauthz_keys_directory
: directory in which find the keys to authorize on the remote account (default "{{ playbook_dir + '/files/public_keys/default' }}")
Dependencies
This roles has no dependency.
Example playbook
- hosts: etl, proxy
roles:
- { role: ssh-access, sshauthz_user: remus }
- { role: ssh-access, sshauthz_user: romolus, sshauthz_keys_directory: '~/public_keys' }
License
GPLv2
Author Information
Copyright © 2017, Nicolas CANIART.
ansible-galaxy install cans/ssh-authorize