Merge pull request #3 from TheRojam/add/admin_ssh_user
added steps to secure Authentication w/o Password
This commit is contained in:
commit
15f5439273
4 changed files with 25 additions and 2 deletions
|
@ -39,11 +39,16 @@ yunohost:
|
||||||
firstname: Jane
|
firstname: Jane
|
||||||
lastname: Doe
|
lastname: Doe
|
||||||
domain: {{ domain }}
|
domain: {{ domain }}
|
||||||
- name: user1 # user which uses the first extra_domain for its account
|
- name: user2 # user which uses the first extra_domain for its account
|
||||||
pass: p@ssw0rd
|
pass: p@ssw0rd
|
||||||
firstname: Jane
|
firstname: John
|
||||||
lastname: Doe
|
lastname: Doe
|
||||||
domain: {{ extra_domain.[1] }}
|
domain: {{ extra_domain.[1] }}
|
||||||
|
admin_users:
|
||||||
|
- name: admin # user generated by yunohost as its admin user
|
||||||
|
key: ssh-rsa ... # key for admin user
|
||||||
|
- name: user1 # user generated by yunohost and defined by you
|
||||||
|
key: ssh-rsa ... # key for
|
||||||
```
|
```
|
||||||
|
|
||||||
Dependencies
|
Dependencies
|
||||||
|
|
|
@ -6,3 +6,4 @@ yunohost:
|
||||||
ignore_dyndns: False
|
ignore_dyndns: False
|
||||||
apps: ~
|
apps: ~
|
||||||
users: ~
|
users: ~
|
||||||
|
admin_users:
|
||||||
|
|
13
tasks/admin_users.yml
Normal file
13
tasks/admin_users.yml
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
---
|
||||||
|
- name: add sshkey for admin user:
|
||||||
|
ansible.posix.authorized_key:
|
||||||
|
user: "{{ item.name }}"
|
||||||
|
state: present
|
||||||
|
key: "{{ item.key }}"
|
||||||
|
loop: "{{ yunohost.admin_users }}"
|
||||||
|
|
||||||
|
- name: Disable Password Authentication for ssh.usage
|
||||||
|
ansible.builtin.replace:
|
||||||
|
path: /etc/ssh/sshd_config
|
||||||
|
regex: PasswordAuthentication
|
||||||
|
replace: 'PasswordAuthentication no\1'
|
|
@ -45,6 +45,10 @@
|
||||||
ansible.builtin.include: users.yml
|
ansible.builtin.include: users.yml
|
||||||
when: yunohost.users
|
when: yunohost.users
|
||||||
|
|
||||||
|
- name: Add ssh for admin user
|
||||||
|
ansible.builtin.include: admin_users.yml
|
||||||
|
when: yunohost.admin_users is defined
|
||||||
|
|
||||||
- name: Install apps
|
- name: Install apps
|
||||||
ansible.builtin.include: apps.yml
|
ansible.builtin.include: apps.yml
|
||||||
when: yunohost.apps
|
when: yunohost.apps
|
||||||
|
|
Loading…
Reference in a new issue