mirror of
https://github.com/willshersystems/ansible-sshd
synced 2024-12-23 00:50:18 +01:00
0bc6d8f40b
* Role configured to accept SSH connections via SSH certificates
* Works with or without principals and ansible-lint updated
* Add test for SSH certificate authentication with principals
* Add configuration to run tests for SSH certificate authentication with principals
* Tasks to use SSH certificates grouped into one file
* Update README.md
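---
# Example play: configure sshd through the ansible-sshd role so that users log
# in with SSH certificates signed by a trusted user CA, with the `password`
# authentication method switched off.
# NOTE(review): the nesting below was rebuilt from a flattened listing; the
# sshd_* variables are placed as siblings of `sshd` under `vars` — confirm
# against the upstream file.
- name: Use SSH certificates
  hosts: all
  tasks:
    - name: Configure sshd to enable SSH Certificate login
      ansible.builtin.include_role:
        name: ansible-sshd
      vars:
        sshd:
          # Disable password authentication, use SSH Certificates and configure authorized principals
          # This turns off only the `password` method. Keyboard-interactive
          # (PAM) and plain public keys in authorized_keys are controlled by
          # other sshd options that this play does not set; check the
          # effective configuration on the host with `sshd -T`.
          PasswordAuthentication: false
          # A user certificate signed by any CA key in this file is a
          # candidate for login, so the file's contents and permissions, and
          # the CA private key behind it, are the trust anchor here.
          TrustedUserCAKeys: /etc/ssh/trusted-user-ca-keys.pub
          # %u is replaced by the login user name. With this option set, a
          # certificate is accepted for a user only if one of its principals
          # is listed in that user's file.
          AuthorizedPrincipalsFile: "/etc/ssh/auth_principals/%u"
        # List of trusted user CA keys
        # Public keys only. The value below looks like a sample; replace it
        # with your own CA's public key before applying this play.
        sshd_trusted_user_ca_keys_list:
          - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICwqRjI9gAwkQF9iIylhRVAOFy2Joodh3fXJ7CbGWqUd
        # Key is the user in the os, values are *Principals* defined in the certificate
        # Anyone holding a CA-signed certificate that carries a listed
        # principal can log in as that OS user, so keep each list as short as
        # possible and review it like any other access grant.
        sshd_principals:
          admin:
            - frontend-admin
            - backend-admin
          somelinuxuser:
            - some-principal-defined-in-certificate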