ansible-sshd/examples/example-use-certificates.yml

---
- name: Use SSH certificates
  hosts: all
  tasks:
    - name: Configure sshd to enable SSH Certificate login
      ansible.builtin.include_role:
        name: ansible-sshd
      vars:
        sshd_config:
          # Disable password authentication, use SSH Certificates and configure authorized principals
          PasswordAuthentication: false
          TrustedUserCAKeys: /etc/ssh/trusted-user-ca-keys.pub
          AuthorizedPrincipalsFile: "/etc/ssh/auth_principals/%u"
        # List of trusted user CA keys
        sshd_trusted_user_ca_keys_list:
          - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICwqRjI9gAwkQF9iIylhRVAOFy2Joodh3fXJ7CbGWqUd
        # Key is the user in the os, values are *Principals* defined in the certificate
        sshd_principals:
          admin:
            - frontend-admin
            - backend-admin
          somelinuxuser:
            - some-principal-defined-in-certificate
feat: manage ssh certificates (#252) * Role configured to accept SSH connection via SSH certificates * Works with or without principals and ansible-lint updated * add test for SSH certificates authentication with principals * Add configuration to run tests for SSH certificates authentication with principals * tasks to use SSH certificates grouped into one file * Update README.md 2023-09-11 15:39:03 +02:00			`---`
			`- name: Use SSH certificates`
			`hosts: all`
			`tasks:`
			`- name: Configure sshd to enable SSH Certificate login`
			`ansible.builtin.include_role:`
			`name: ansible-sshd`
			`vars:`
fix: rename var sshd -> sshd_config and debug output (#299) 2024-10-24 18:59:04 +02:00			`sshd_config:`
feat: manage ssh certificates (#252) * Role configured to accept SSH connection via SSH certificates * Works with or without principals and ansible-lint updated * add test for SSH certificates authentication with principals * Add configuration to run tests for SSH certificates authentication with principals * tasks to use SSH certificates grouped into one file * Update README.md 2023-09-11 15:39:03 +02:00			`# Disable password authentication, use SSH Certificates and configure authorized principals`
			`PasswordAuthentication: false`
			`TrustedUserCAKeys: /etc/ssh/trusted-user-ca-keys.pub`
			`AuthorizedPrincipalsFile: "/etc/ssh/auth_principals/%u"`
			`# List of trusted user CA keys`
			`sshd_trusted_user_ca_keys_list:`
			`- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICwqRjI9gAwkQF9iIylhRVAOFy2Joodh3fXJ7CbGWqUd`
			`# Key is the user in the os, values are Principals defined in the certificate`
			`sshd_principals:`
			`admin:`
			`- frontend-admin`
			`- backend-admin`
			`somelinuxuser:`
			`- some-principal-defined-in-certificate`