Ansible playbook that you can use to control ssh access to your linux servers. You can install or remove keys, tune sshd options and install additional software.

sa ansible

Vladimir Smagin 63243cc40d import ssh		2 years ago
group_vars	import ssh	2 years ago
host_vars	import ssh	2 years ago
roles	import ssh	2 years ago
secrets	import ssh	2 years ago
.gitignore	import ssh	2 years ago
ansible.cfg	import ssh	2 years ago
inventory.ini	import ssh	2 years ago
readme.md	import ssh	2 years ago
ssh-keys.sh	import ssh	2 years ago
ssh-keys.yml	import ssh	2 years ago

readme.md

Ansible centralized keys management

Dicts in parent group merges with dicts in child groups.

Warning! Playbook will delete all public keys in root's .ssh/authorized_keys file and setup own super key, only after this public keys in group_vars and host_vars will be added into assigned users .ssh/authorized_keys files.

Security issue! You need to generate your own super key! Run ssh-keygen -f superkey and replace keys in secret/ directory.

Infrastructure:

--[ hetzner ]--\
               |- hetzner-balancers
               \- hetzner-nodes

All servers will be available to the administrator and assistant, servers must have own internal key for files copying. Configuring parent hetznergroup:

    access_list:
      admin: { keypath: "../keys/admin.pub", username: "root" }
      techguy: { keypath: "../keys/techguy.pub", username: "root" }
      interserver: { keypath: "../keys/interserver.pub", username: "root" }

    secret_list:
      interserver: { keypath: "../keys/interserver.pem", username: "root" }

You want to make additional access to all nodes for developer guy. Configuring child hetzner-nodes group:

    access_list:
      developer: { keypath: "../keys/developer.pub", username: "dev" }

No need to make additional config for hetzner-balancers because access list will be inherited, only admins accessible.