
Merge pull request #3 from TheRojam/add/admin_ssh_user

added steps to secure Authentication w/o Password
Anton 2021-05-01 19:59:02 +02:00 committed by GitHub
commit 15f5439273
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 25 additions and 2 deletions


@ -39,11 +39,16 @@ yunohost:
firstname: Jane firstname: Jane
lastname: Doe lastname: Doe
domain: {{ domain }} domain: {{ domain }}
- name: user1 # user which uses the first extra_domain for its account - name: user2 # user which uses the first extra_domain for its account
pass: p@ssw0rd pass: p@ssw0rd
firstname: Jane firstname: John
lastname: Doe lastname: Doe
domain: {{ extra_domain.[1] }} domain: {{ extra_domain.[1] }}
admin_users:
- name: admin # user generated by yunohost as its admin user
key: ssh-rsa ... # key for admin user
- name: user1 # user generated by yunohost and defined by you
key: ssh-rsa ... # key for
``` ```
Dependencies Dependencies


@ -6,3 +6,4 @@ yunohost:
ignore_dyndns: False ignore_dyndns: False
apps: ~ apps: ~
users: ~ users: ~
admin_users:

13
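--- a/tasks/admin_users.yml
+++ b/tasks/admin_users.yml
@@ -0,0 +1,13 @@
+---
+- name: add sshkey for admin user:
+ansible.posix.authorized_key:
+user: "{{ item.name }}"
+state: present
+key: "{{ item.key }}"
+loop: "{{ yunohost.admin_users }}"
+- name: Disable Password Authentication for ssh.usage
+ansible.builtin.replace:
+path: /etc/ssh/sshd_config
+regex: PasswordAuthentication
+replace: 'PasswordAuthentication no\1'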
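Review bot: The second task in tasks/admin_users.yml probably never disables password logins: `ansible.builtin.replace` takes `regexp`, not `regex`, the replacement `'PasswordAuthentication no\1'` refers to a capture group the pattern does not define, and an unanchored `PasswordAuthentication` would also rewrite commented lines and append ` no` again on every run. I would anchor the pattern to the whole directive line, validate the file with `sshd -t` before it is written, and notify a handler so sshd reloads, since without a reload the old setting stays live. Because this task runs unconditionally after the key loop, it is also worth confirming that at least one key from `yunohost.admin_users` was installed before passwords are turned off, otherwise the host can be left unreachable over SSH. Separately, the first task's name ends in a bare `:` (`add sshkey for admin user:`), which YAML is likely to reject as a nested mapping; drop the colon or quote the name.

```yaml
- name: Disable Password Authentication for ssh.usage
  ansible.builtin.replace:
    path: /etc/ssh/sshd_config
    # [ \t] rather than \s so the match cannot swallow preceding blank lines
    regexp: '^[ \t]*#?[ \t]*PasswordAuthentication[ \t].*$'
    replace: 'PasswordAuthentication no'
    validate: /usr/sbin/sshd -t -f %s
  notify: Reload sshd  # placeholder: no handler name is shown on this page
```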


@ -45,6 +45,10 @@
ansible.builtin.include: users.yml ansible.builtin.include: users.yml
when: yunohost.users when: yunohost.users
- name: Add ssh for admin user
ansible.builtin.include: admin_users.yml
when: yunohost.admin_users is defined
- name: Install apps - name: Install apps
ansible.builtin.include: apps.yml ansible.builtin.include: apps.yml
when: yunohost.apps when: yunohost.apps
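Review bot: The guard `when: yunohost.admin_users is defined` on the new include is true even when the value is null or an empty list, and the defaults hunk on this page sets `admin_users:` to null, so the include can run with nothing to loop over. With an empty list the key loop is a no-op but the password-disabling task in admin_users.yml still runs, which risks locking SSH out; with null the loop itself is likely to fail. The neighbouring includes test truthiness (`when: yunohost.users`); here I would use `when: yunohost.admin_users | default([]) | length > 0`. The task list starts and ends outside this hunk.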