lafrite/Ansible_workstation
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

editing sshd and add public keys

Browse Source
This commit is contained in:
Bertrand Benjamin 2018-08-24 11:00:52 +02:00
parent 90c34c513a
commit 85839d2385
6 changed files with 33 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Choux.yml
View File

@ -5,6 +5,9 @@
vars_files: vars_files:
- vars/common.yml - vars/common.yml
vars:
- deploy_public_key: files/id_ed25519_home.pub
tasks: tasks:
- include: tasks/arch_CLI_packages.yml - include: tasks/arch_CLI_packages.yml
- include: tasks/zsh.yml - include: tasks/zsh.yml

1
files/id_ed25519_embrevade.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJUqG2jXhu8S4LIeaMCzXhR27TU85OJZzQF1Qmi21VL2 lafrite@Poivre

1
files/id_ed25519_home.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFdDO8452/DpTR8taSKa/i+rgAvrYP9Fv9hYLMuphHQ+ lafrite@Poivre

5
files/sshd_config
View File

@ -30,7 +30,6 @@
#LoginGraceTime 2m #LoginGraceTime 2m
#PermitRootLogin prohibit-password #PermitRootLogin prohibit-password
PermitRootLogin no
#StrictModes yes #StrictModes yes
#MaxAuthTries 6 #MaxAuthTries 6
#MaxSessions 10 #MaxSessions 10
@ -55,7 +54,7 @@ AuthorizedKeysFile .ssh/authorized_keys
#IgnoreRhosts yes #IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here! # To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no #PasswordAuthentication yes
#PermitEmptyPasswords no #PermitEmptyPasswords no
# Change to no to disable s/key passwords # Change to no to disable s/key passwords
@ -116,5 +115,3 @@ Subsystem sftp /usr/lib/ssh/sftp-server
# AllowTcpForwarding no # AllowTcpForwarding no
# PermitTTY no # PermitTTY no
# ForceCommand cvs server # ForceCommand cvs server
AllowUser {% for user in me %}{{ user.username }}{% endfor %}

25
tasks/ssh.yml
View File

@ -3,6 +3,31 @@
template: template:
src: files/sshd_config src: files/sshd_config
dest: /etc/ssh/sshd_config dest: /etc/ssh/sshd_config
- name: Disable empty password login
lineinfile:
dest: /etc/ssh/sshd_config
regexp: "^#?PermitEmptyPasswords"
line: "PermitEmptyPasswords no"
- name: Disable remote root login
lineinfile:
dest: /etc/ssh/sshd_config
regexp: "^#?PermitRootLogin"
line: "PermitRootLogin no"
- name: Add public key for deploy user
authorized_key:
user: "{{ deploy_user.username }}"
key: "{{ deploy_public_key }}"
register: add_identity_key
- name: Disable password login
lineinfile:
dest: /etc/ssh/sshd_config
regexp: "^#?PasswordAuthentication"
line: "PasswordAuthentication no"
when: add_identity_key|success and not add_identity_key|skipped
notify: restart sshd notify: restart sshd
- name: Enable SSH daemon - name: Enable SSH daemon

2
vars/common.yml
View File

@ -7,3 +7,5 @@ deploy_users:
- { username: 'waha', password: '$6$tQLlZ3lI/NDcT3.C$VCBzrpNxDgOK7b2que2/BnAYWl.zKVugZrQEPxtsq3iWcskEzQ1NvytZRXkB4GCDa/xEohxiodyCaZyFnhxby1', uid: '999'} - { username: 'waha', password: '$6$tQLlZ3lI/NDcT3.C$VCBzrpNxDgOK7b2que2/BnAYWl.zKVugZrQEPxtsq3iWcskEzQ1NvytZRXkB4GCDa/xEohxiodyCaZyFnhxby1', uid: '999'}
minimal: false minimal: false
deploy_public_key: files/id_ed25519_embrevade.pub