libretic/ansible-sshd
6
0
Fork 0
mirror of https://github.com/willshersystems/ansible-sshd synced 2024-11-22 11:00:19 +01:00
Code Issues Projects Releases Packages Wiki Activity
ansible-sshd/examples/example-use-certificates.yml

24 lines
910 B
YAML
Raw Normal View History

feat: manage ssh certificates (#252) * Role configured to accept SSH connection via SSH certificates * Works with or without principals and ansible-lint updated * add test for SSH certificates authentication with principals * Add configuration to run tests for SSH certificates authentication with principals * tasks to use SSH certificates grouped into one file * Update README.md
2023-09-11 15:39:03 +02:00
---
- name: Use SSH certificates
hosts: all
tasks:
- name: Configure sshd to enable SSH Certificate login
ansible.builtin.include_role:
name: ansible-sshd
vars:
sshd:
# Disable password authentication, use SSH Certificates and configure authorized principals
PasswordAuthentication: false
TrustedUserCAKeys: /etc/ssh/trusted-user-ca-keys.pub
AuthorizedPrincipalsFile: "/etc/ssh/auth_principals/%u"
# List of trusted user CA keys
sshd_trusted_user_ca_keys_list:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICwqRjI9gAwkQF9iIylhRVAOFy2Joodh3fXJ7CbGWqUd
# Key is the user in the os, values are *Principals* defined in the certificate
sshd_principals:
admin:
- frontend-admin
- backend-admin
somelinuxuser:
- some-principal-defined-in-certificate
Reference in a new issue Copy permalink