ssh-dev: configure user CA

Sponsored-by: author
author: Lars Wirzenius <liw@liw.fi> 2022-07-31 17:03:13 +0300
committer: Lars Wirzenius <liw@liw.fi> 2022-07-31 17:03:13 +0300
commit: 73a93a35109cdd66d9e4fa16c58400d89afefa26 (patch)
tree: f4a1d47bb469c3c6b98dfc3031cb74902ed02bc1
parent: 7e6e7ef34ed70a50ef4d42ea8eaa2b27d2790e51 (diff)
download: ansibleness-73a93a35109cdd66d9e4fa16c58400d89afefa26.tar.gz
1 files changed, 15 insertions, 1 deletions
diff --git a/ansible/ssh-dev.yml b/ansible/ssh-dev.yml
index dd20b79..889c72b 100644
--- a/ansible/ssh-dev.yml
+++ b/ansible/ssh-dev.yml
@@ -12,11 +12,23 @@
           Port {{ sshd_port }}
         dest: /etc/ssh/sshd_config.d/port.conf
       notify: sshd_restart
+    - name: "Configure user CA for SSH server"
+      when: sshd_user_ca_pub is defined
+      copy:
+        content: |
+          {{ sshd_user_ca_pub }}
+        dest: /etc/ssh/user_ca_pubs
+    - name: "Configure SSH server to accept user CA"
+      when: sshd_user_ca_pub is defined
+      copy:
+        content: |
+          TrustedUserCAKeys /etc/ssh/user_ca_pubs
+        dest: /etc/ssh/sshd_config.d/user_ca.conf
   handlers:
     - name: sshd_restart
       systemd:
         name: ssh
-        state: restarted
+        state: reloaded
   vars:
     ansible_python_interpreter: /usr/bin/python3
 
@@ -30,3 +42,5 @@
       - username: liw
 
     sshd_port: 22
+    sshd_user_ca_pub: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHdSnGI91exKItWsZi0XFVQWluS0FUdd12FLjuQk1FxG liw User CA v1
+
author	Lars Wirzenius <liw@liw.fi>	2022-07-31 17:03:13 +0300
committer	Lars Wirzenius <liw@liw.fi>	2022-07-31 17:03:13 +0300
commit	73a93a35109cdd66d9e4fa16c58400d89afefa26 (patch)
tree	f4a1d47bb469c3c6b98dfc3031cb74902ed02bc1
parent	7e6e7ef34ed70a50ef4d42ea8eaa2b27d2790e51 (diff)
download	ansibleness-73a93a35109cdd66d9e4fa16c58400d89afefa26.tar.gz