An Ansible playbook for controlling SSH access to your Linux servers: install or remove keys, tune sshd options and install additional software.

Ansible centralized keys management

Dicts in a parent group merge with dicts in its child groups, so a child group's access_list extends the parent's instead of replacing it. This relies on Ansible's hash_behaviour setting being "merge" (in the [defaults] section of ansible.cfg); with the default "replace", a child group's access_list would overwrite the parent's and the inheritance described below would not happen.

Warning! The playbook first deletes all public keys in root's .ssh/authorized_keys file and installs its own super key; only after that does it add the public keys listed in group_vars and host_vars to the assigned users' .ssh/authorized_keys files. If the super key is wrong or missing you can lock yourself out of root.

Security issue! The super key shipped in the secret/ directory is part of this public repository, so anyone can use it. Generate your own (ssh-keygen -f superkey) and replace the keys in secret/ before running the playbook against real servers.

Infrastructure:

--[ hetzner ]--\
               |- hetzner-balancers
               \- hetzner-nodes

All servers must be reachable by the administrator and the assistant, and the servers need their own internal key for copying files between each other. Configuring the parent hetzner group:

    access_list:
      admin: { keypath: "../keys/admin.pub", username: "root" }
      techguy: { keypath: "../keys/techguy.pub", username: "root" }
      interserver: { keypath: "../keys/interserver.pub", username: "root" }

    secret_list:
      interserver: { keypath: "../keys/interserver.pem", username: "root" }

You also want to give the developer access to all nodes, as a separate unprivileged user. Configuring the child hetzner-nodes group:

    access_list:
      developer: { keypath: "../keys/developer.pub", username: "dev" }

No additional config is needed for hetzner-balancers: the access list is inherited from the parent hetzner group, so only the administrators listed there (admin, techguy and the interserver key) can log in, and the developer cannot.
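The procedure above, as an added example that is not the playbook's own code: a minimal play that consumes the access_list and secret_list layout shown, first replacing root's authorized_keys with the super key and then adding every listed public key to its user. It assumes the ansible.posix collection is installed, that the super key is secret/superkey.pub next to the playbook, that keypath values resolve relative to the playbook directory, and that hash_behaviour is set to merge so access_list on a hetzner-nodes host already contains the parent group's entries.

```yaml
# Added example, not the project's own playbook. Variable names and the
# access_list / secret_list layout are those of the README; the task set,
# the secret/superkey.pub location and the path handling are assumptions.
- name: Centralized ssh key management for the hetzner group
  hosts: hetzner
  become: true
  vars:
    # Assumed location of the operator's own super key (see the warning above).
    superkey_pub: "{{ playbook_dir }}/secret/superkey.pub"

  tasks:
    - name: Replace root's authorized_keys with the super key only
      ansible.posix.authorized_key:
        user: root
        key: "{{ lookup('file', superkey_pub) }}"
        exclusive: true   # drops every other key for root, as the README warns

    - name: Ensure every non-root user named in access_list exists
      ansible.builtin.user:
        name: "{{ item.value.username }}"
        shell: /bin/bash
      loop: "{{ access_list | default({}) | dict2items }}"
      loop_control:
        label: "{{ item.key }} -> {{ item.value.username }}"
      when: item.value.username != "root"

    - name: Add each public key from access_list to its user's authorized_keys
      ansible.posix.authorized_key:
        user: "{{ item.value.username }}"
        key: "{{ lookup('file', item.value.keypath) }}"
        comment: "{{ item.key }}"   # tag the key with its owner for later audits
        state: present
      loop: "{{ access_list | default({}) | dict2items }}"
      loop_control:
        label: "{{ item.key }} -> {{ item.value.username }}"

    - name: Make sure each secret_list user has a private .ssh directory
      ansible.builtin.file:
        path: "~{{ item.value.username }}/.ssh"
        state: directory
        owner: "{{ item.value.username }}"
        mode: "0700"
      loop: "{{ secret_list | default({}) | dict2items }}"
      loop_control:
        label: "{{ item.key }} -> {{ item.value.username }}"

    - name: Install private keys from secret_list for server-to-server copying
      ansible.builtin.copy:
        src: "{{ item.value.keypath }}"
        dest: "~{{ item.value.username }}/.ssh/{{ item.key }}"
        owner: "{{ item.value.username }}"
        mode: "0600"
      loop: "{{ secret_list | default({}) | dict2items }}"
      loop_control:
        label: "{{ item.key }} -> {{ item.value.username }}"
      no_log: true   # keep private key material out of the run log
```

Run ssh-keygen -f secret/superkey before the first run, otherwise the exclusive task leaves root with the published example key. With the default hash_behaviour of "replace", the developer entry in hetzner-nodes would overwrite the parent's access_list rather than extend it, so admin and techguy would lose their keys on the nodes while keeping them on the balancers; that is the failure the merge setting prevents.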


Copyright by Vladimir Smagin, 2018 http://blindage.org 21h@blindage.org