Ansible playbook that you can use to control SSH access to your Linux servers. You can install or remove keys, tune sshd options and install additional software.
Latest commit: 63243cc40d "import ssh" by Vladimir Smagin, 2 years ago

Repository contents:
  group_vars
  host_vars
  roles
  secrets
  .gitignore
  ansible.cfg
  inventory.ini
  ssh-keys.yml

Ansible centralized keys management

Dicts in a parent group are merged with dicts in its child groups.

Warning! The playbook deletes all public keys in root's .ssh/authorized_keys file and installs its own super key. Only after that are the public keys from group_vars and host_vars added to the assigned users' .ssh/authorized_keys files.

Security issue! You need to generate your own super key! Run ssh-keygen -f superkey and replace the keys in the secrets/ directory.


--[ hetzner ]--\
               |- hetzner-balancers
               \- hetzner-nodes

All servers will be accessible to the administrator and the assistant, and the servers must have their own internal key for copying files. Configuring the parent hetzner group:

      admin: { keypath: "../keys/", username: "root" }
      techguy: { keypath: "../keys/", username: "root" }
      interserver: { keypath: "../keys/", username: "root" }

      interserver: { keypath: "../keys/interserver.pem", username: "root" }

Suppose you want to give a developer additional access to all nodes. Configuring the child hetzner-nodes group:

      developer: { keypath: "../keys/", username: "dev" }

No additional configuration is needed for hetzner-balancers: the access list is inherited from the parent group, so only the admins have access.
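The inheritance described above depends on dicts being merged rather than replaced. Ansible's default hash_behaviour is replace, and recursive merging needs hash_behaviour = merge (or the combine filter). The following added example, which is not code from this repository, models both behaviours for the groups in this README; the variable name ssh_keys and the key path placeholders are assumptions.

```python
# Added example: how a dict variable set in a parent group and again in a child
# group resolves under Ansible's "merge" and "replace" hash behaviours.
# "ssh_keys" is a hypothetical variable name; key paths are placeholders.
from copy import deepcopy

# Constructed sample data modelled on the README's hetzner groups.
GROUP_VARS = {
    "hetzner": {"ssh_keys": {
        "admin": {"keypath": "<admin-public-key>", "username": "root"},
        "techguy": {"keypath": "<techguy-public-key>", "username": "root"},
        "interserver": {"keypath": "<interserver-public-key>", "username": "root"},
    }},
    "hetzner-nodes": {"ssh_keys": {
        "developer": {"keypath": "<developer-public-key>", "username": "dev"},
    }},
    "hetzner-balancers": {},
}
PARENTS = {"hetzner": None, "hetzner-nodes": "hetzner", "hetzner-balancers": "hetzner"}

def lineage(group):
    """Groups from the root ancestor down to `group` (children applied last)."""
    chain = []
    while group is not None:
        chain.append(group)
        group = PARENTS[group]
    return chain[::-1]

def deep_merge(base, override):
    """Recursively merge `override` into a copy of `base`; override wins on conflicts."""
    out = deepcopy(base)
    for key, value in override.items():
        if isinstance(value, dict) and isinstance(out.get(key), dict):
            out[key] = deep_merge(out[key], value)
        else:
            out[key] = deepcopy(value)
    return out

def access_list(group, behaviour="merge"):
    """Return sorted 'key owner->login user' entries that apply to `group`."""
    result = {}
    for g in lineage(group):
        if behaviour == "merge":
            result = deep_merge(result, GROUP_VARS[g])
        else:  # replace: the child's dict replaces the parent's dict entirely
            result = {**result, **deepcopy(GROUP_VARS[g])}
    keys = result.get("ssh_keys", {})
    return sorted(f"{name}->{entry['username']}" for name, entry in keys.items())

if __name__ == "__main__":
    for grp in ("hetzner-nodes", "hetzner-balancers"):
        print(grp, access_list(grp, "merge"), access_list(grp, "replace"))
```

Under replace, the hetzner-nodes definition would drop the admin, techguy and interserver entries from the nodes, so it is worth confirming the merge setting before a run that rewrites authorized_keys.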

Copyright by Vladimir Smagin, 2018