pubkeys
ansible role pubkeys
Ansible role to manage and deploy ssh keys of admin and non-admin users
THIS ROLE IS BEING REWRITTEN!
intended use
This role is designed to be used together with the roles listed below to manage Linux hosts. This role only deploys the correct ssh public keys to the correct users, depending on the configuration. The other roles create users and groups, configure sshd, roll out dotfiles or install a number of useful packages.
A list of suggested roles to manage your linux host:
- do1jlr.base install some useful packages
- do1jlr.users create user and manage sudoers
- do1jlr.auth
- do1jlr.sshd configure sshd
- do1jlr.dotfiles deploy some fancy dotfiles
Good to know:
The listed roles use the same variables to create accounts, admins and so on, but they have to run in the correct order to work properly. For example, you can't deploy an ssh public key for a user that has not been created yet.
Variables
admins (default []): A list of ssh keys allowed to log in as root.
accounts (default []): A list of usernames that will be created on this host, if they don't exist.
users (default {}): A dict of user names mapping to lists of ssh keys allowed to log in to the given user account.
ssh_public_key_store (default ssh_public_keys): A directory path where the public key files can be found by ansible.
For additional variables please have a look into defaults/main.yml!
To add extra SSH keys from GitHub to a user, use the github_users: {} setting.
Files
This role assumes that the public parts of all required ssh keys can be found within the directory ssh_public_key_store. The file names must follow the convention username_idalg.pub and are matched by the username part.
Examples
Alice and Bob may log in and are allowed to become root with the sudo command on this host:
admins:
  - alice
  - bob
Alice, Bob and Eve may log in to their own user accounts via ssh:
users:
  - name: alice
    keys:
      - 'ssh-ed25519 AAA... alice@localhost'
  - name: 'eve'
    keys:
      - 'https://github.com/do1jlr.keys'
      - 'ssh-ed25519 AAA... eve@localhost'
Eve can do so with two different ssh keys, Alice only with her single SSH key.
Alice, Bob and Eve want to be users on this host:
accounts:
  - alice
  - bob
  - eve
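As an added pre-flight check, not part of the role, the following Python script applies the username_idalg.pub convention from the Files section to a key store and reports what a run would trip over: admins without a matching key file, users that are not listed in accounts, and key types the default do1jlr.sshd policy would reject. The key store, the key material and the rule that only ssh-ed25519 passes are constructed assumptions for this example.

```python
import re
import tempfile
from pathlib import Path

# README convention <username>_<idalg>.pub; assumed: do1jlr.sshd accepts only ed25519 by default.
KEY_FILE_RE = re.compile(r"^(?P<user>[a-z_][a-z0-9_-]*)_(?P<alg>[a-z0-9]+)\.pub$")
ALLOWED_KEY_TYPES = {"ssh-ed25519"}

def index_key_store(store):
    """Map each username to the key lines found in its <username>_*.pub files."""
    index = {}
    for path in sorted(Path(store).glob("*.pub")):
        match = KEY_FILE_RE.match(path.name)
        if match is None:
            continue  # does not follow the convention: the role would never pick it up
        lines = [l.strip() for l in path.read_text().splitlines()]
        index.setdefault(match["user"], []).extend(l for l in lines if l and not l.startswith("#"))
    return index

def key_problems(owner, key):
    """Check one authorized_keys line; GitHub key URLs are fetched at deploy time, so skip them."""
    if key.startswith("https://github.com/"):
        return []
    fields = key.split()
    if fields[0] not in ALLOWED_KEY_TYPES:
        return [f"{owner}: key type {fields[0]} is rejected by the default sshd policy"]
    return []

def check_config(admins, accounts, users, key_index):
    """Return the problems a run of the role would hit with this configuration (empty = ok)."""
    problems = []
    for name in admins:  # admins: usernames whose key files end up in root's authorized_keys
        if name not in key_index:
            problems.append(f"admin {name}: no {name}_*.pub file in the key store")
        for key in key_index.get(name, []):
            problems.extend(key_problems(f"admin {name}", key))
    for name, keys in users.items():  # the account must exist before a key can be deployed
        if name not in accounts:
            problems.append(f"user {name}: not listed in accounts, nothing to deploy the key to")
        problems.extend(p for key in keys for p in key_problems(f"user {name}", key))
    return problems

def demo():
    """Constructed sample key store and configuration (not the project's); returns the problems."""
    store = Path(tempfile.mkdtemp())
    (store / "alice_ed25519.pub").write_text("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAA alice@localhost\n")
    (store / "bob_rsa.pub").write_text("ssh-rsa AAAAB3NzaC1yc2EAAAA bob@localhost\n")
    (store / "dave.pub").write_text("ssh-ed25519 AAAA dave@localhost\n")  # wrong name, ignored
    users = {"alice": ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAA alice@localhost"],
             "eve": ["https://github.com/do1jlr.keys"]}
    return check_config(["alice", "bob", "carol"], ["alice", "bob"], users, index_key_store(store))
```

Running demo() flags bob's RSA key, the missing carol key file and eve's missing account, while dave.pub is silently ignored because its name does not follow the convention.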
Generate ed25519 SSH Keys
By default, the do1jlr.sshd role configures sshd to only allow ed25519 keys to log in. You can use this command to generate an ed25519 key pair:
ssh-keygen -t ed25519
ansible-galaxy install roles-ansible/ansible_role_pubkeys