From f911c78946f175b631b05e6584c40ede303d1c54 Mon Sep 17 00:00:00 2001
From: therojam
Date: Sat, 1 May 2021 19:57:06 +0200
Subject: [PATCH] added steps to secure Authentication w/o Password
---
 README.md | 9 +++++++--
 default/main.yml | 1 +
 tasks/admin_users.yml | 13 +++++++++++++
 tasks/main.yml | 4 ++++
 4 files changed, 25 insertions(+), 2 deletions(-)
 create mode 100644 tasks/admin_users.yml
diff --git a/README.md b/README.md
index 217647d..d73a8e7 100644
--- a/README.md
+++ b/README.md
@@ -39,11 +39,16 @@ yunohost:
 firstname: Jane
 lastname: Doe
 domain: {{ domain }}
- - name: user1 # user which uses the first extra_domain for its account
+ - name: user2 # user which uses the first extra_domain for its account
 pass: p@ssw0rd
- firstname: Jane
+ firstname: John
 lastname: Doe
 domain: {{ extra_domain.[1] }}
+ admin_users:
+ - name: admin # user generated by yunohost as its admin user
+ key: ssh-rsa ... # key for admin user
+ - name: user1 # user generated by yunohost and defined by you
+ key: ssh-rsa ... # key for
 ```
 
 Dependencies
diff --git a/default/main.yml b/default/main.yml
index 3f3a500..80bb4c5 100644
--- a/default/main.yml
+++ b/default/main.yml
@@ -6,3 +6,4 @@ yunohost:
 ignore_dyndns: False
 apps: ~
 users: ~
+ admin_users:
diff --git a/tasks/admin_users.yml b/tasks/admin_users.yml
new file mode 100644
index 0000000..b515866
--- /dev/null
+++ b/tasks/admin_users.yml
@@ -0,0 +1,13 @@
+---
+- name: add sshkey for admin user:
+ ansible.posix.authorized_key:
+ user: "{{ item.name }}"
+ state: present
+ key: "{{ item.key }}"
+ loop: "{{ yunohost.admin_users }}"
+
+- name: Disable Password Authentication for ssh.usage
+ ansible.builtin.replace:
+ path: /etc/ssh/sshd_config
+ regex: PasswordAuthentication
+ replace: 'PasswordAuthentication no\1'
diff --git a/tasks/main.yml b/tasks/main.yml
index b01d51b..2dbc71a 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
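Review bot: The bare `admin_users:` added to default/main.yml loads as null, so the key counts as defined and the `when: yunohost.admin_users is defined` guard added in the tasks/main.yml hunk passes even when nobody has configured a key. The include would then run with a null loop source, and the task that turns off password authentication sits behind that same guard. Writing the default as `admin_users: []` and guarding on content, for example `when: yunohost.admin_users | default([], true) | length > 0`, keeps the hardening step from running on hosts that have no key to fall back on.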
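Review bot: The `Disable Password Authentication` task in tasks/admin_users.yml cannot work as written: `ansible.builtin.replace` takes `regexp`, not `regex`, and the replacement's `\1` refers to a group the pattern never captures. Even with those fixed, an unanchored `PasswordAuthentication` match rewrites only the keyword, leaving the old `yes` after it, and also hits commented lines. The first task's name ends in a colon, which YAML reads as a mapping indicator, so the file is likely to fail parsing before anything runs. Because this task removes the password fallback, it should run only when at least one key was supplied and should validate the file before writing it; no sshd reload is visible in this hunk, so the setting would not take effect until the daemon restarts.

```yaml
- name: add sshkey for admin user
  # … unchanged: ansible.posix.authorized_key arguments and loop …

- name: Disable Password Authentication for ssh.usage
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^\s*#?\s*PasswordAuthentication\s'
    line: 'PasswordAuthentication no'
    validate: '/usr/sbin/sshd -t -f %s'
  # Only drop the password fallback when a key was actually configured.
  when: yunohost.admin_users | default([], true) | length > 0
```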
@@ -45,6 +45,10 @@
 ansible.builtin.include: users.yml
 when: yunohost.users
 
+- name: Add ssh for admin user
+ ansible.builtin.include: admin_users.yml
+ when: yunohost.admin_users is defined
+
 - name: Install apps
 ansible.builtin.include: apps.yml
 when: yunohost.apps
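Review bot: The task name `Add ssh for admin user` understates what this include does, because tasks/admin_users.yml also edits `/etc/ssh/sshd_config` to turn off password authentication for the whole host. A name such as `Install admin SSH keys and disable SSH password login`, with a comment above it like `# Removes password login over SSH; needs a working key in yunohost.admin_users`, would make that side effect visible in the play output and to anyone reading the role. The neighbouring include tasks start and end outside this hunk.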