added steps to secure Authentication w/o Password
This commit is contained in:
parent
f92cc6f327
commit
f911c78946
4 changed files with 25 additions and 2 deletions
|
@ -39,11 +39,16 @@ yunohost:
|
|||
firstname: Jane
|
||||
lastname: Doe
|
||||
domain: {{ domain }}
|
||||
- name: user1 # user which uses the first extra_domain for its account
|
||||
- name: user2 # user which uses the first extra_domain for its account
|
||||
pass: p@ssw0rd
|
||||
firstname: Jane
|
||||
firstname: John
|
||||
lastname: Doe
|
||||
domain: {{ extra_domain.[1] }}
|
||||
admin_users:
|
||||
- name: admin # user generated by yunohost as its admin user
|
||||
key: ssh-rsa ... # key for admin user
|
||||
- name: user1 # user generated by yunohost and defined by you
|
||||
key: ssh-rsa ... # key for
|
||||
```
|
||||
|
||||
Dependencies
|
||||
|
|
|
@ -6,3 +6,4 @@ yunohost:
|
|||
ignore_dyndns: False
|
||||
apps: ~
|
||||
users: ~
|
||||
admin_users:
|
||||
|
|
13
tasks/admin_users.yml
Normal file
13
tasks/admin_users.yml
Normal file
|
@ -0,0 +1,13 @@
|
|||
---
|
||||
- name: add sshkey for admin user:
|
||||
ansible.posix.authorized_key:
|
||||
user: "{{ item.name }}"
|
||||
state: present
|
||||
key: "{{ item.key }}"
|
||||
loop: "{{ yunohost.admin_users }}"
|
||||
|
||||
- name: Disable Password Authentication for ssh.usage
|
||||
ansible.builtin.replace:
|
||||
path: /etc/ssh/sshd_config
|
||||
regex: PasswordAuthentication
|
||||
replace: 'PasswordAuthentication no\1'
|
|
@ -45,6 +45,10 @@
|
|||
ansible.builtin.include: users.yml
|
||||
when: yunohost.users
|
||||
|
||||
- name: Add ssh for admin user
|
||||
ansible.builtin.include: admin_users.yml
|
||||
when: yunohost.admin_users is defined
|
||||
|
||||
- name: Install apps
|
||||
ansible.builtin.include: apps.yml
|
||||
when: yunohost.apps
|
||||
|
|
Loading…
Reference in a new issue