-rw-r--r--ansible/ssh-dev.yml68
1 files changed, 2 insertions, 66 deletions
diff --git a/ansible/ssh-dev.yml b/ansible/ssh-dev.yml
index d05cca4..8f3bf17 100644
--- a/ansible/ssh-dev.yml
+++ b/ansible/ssh-dev.yml
@@ -4,71 +4,7 @@
roles:
- role: sane_debian_system
- role: unix_users
- tasks:
- - name: "Set SSH host identity"
- when: sshd_host_key is defined and sshd_host_cert is defined
- copy:
- content: |
- {{ sshd_host_key }}
- dest: /etc/ssh/ssh_host_key
- owner: root
- group: root
- mode: 0600
- notify: sshd_restart
-
- - name: "Set SSH host certificate"
- when: sshd_host_key is defined and sshd_host_cert is defined
- copy:
- content: |
- {{ sshd_host_cert }}
- dest: /etc/ssh/ssh_host_key-cert.pub
- notify: sshd_restart
-
- - name: "Configure SSH server host key"
- when: sshd_host_key is defined and sshd_host_cert is defined
- copy:
- content: |
- HostKeyAlgorithms ssh-ed25519
- HostKey /etc/ssh/ssh_host_key
- HostCertificate /etc/ssh/ssh_host_key-cert.pub
- dest: /etc/ssh/sshd_config.d/host_id.conf
- notify: sshd_restart
-
- - name: "Remove obsolete SSH host keys and certificates"
- when: sshd_host_key is defined and sshd_host_cert is defined
- shell: |
- find /etc/ssh -maxdepth 1 -type f -name "ssh_host_*_key*" -delete
- notify: sshd_restart
-
- - name: "Configure SSH server port"
- when: sshd_port is defined
- copy:
- content: |
- Port {{ sshd_port }}
- dest: /etc/ssh/sshd_config.d/port.conf
- notify: sshd_restart
-
- - name: "Configure user CA for SSH server"
- when: sshd_user_ca_pub is defined
- copy:
- content: |
- {{ sshd_user_ca_pub }}
- dest: /etc/ssh/user_ca_pubs
- notify: sshd_restart
-
- - name: "Configure SSH server to accept user CA"
- when: sshd_user_ca_pub is defined
- copy:
- content: |
- TrustedUserCAKeys /etc/ssh/user_ca_pubs
- dest: /etc/ssh/sshd_config.d/user_ca.conf
- notify: sshd_restart
-
- handlers:
- - name: sshd_restart
- systemd:
- name: ssh
- state: restarted
+ - role: sshd
vars:
ansible_python_interpreter: /usr/bin/python3
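Review bot: The new `- role: sshd` entry replaces the inline host-identity tasks, but nothing in this hunk shows that the role preserves the security-relevant properties the removed tasks enforced: the private host key written with `owner: root`, `group: root` and mode 0600, the `HostKeyAlgorithms ssh-ed25519` pin, the deletion of stale `ssh_host_*_key*` files under /etc/ssh, and the sshd restart on change. Since the role is defined outside this file, a comment on the role line naming the variables it consumes would let a reader check the play without opening the role, e.g. `# sshd role: reads sshd_version, sshd_port, sshd_host_key, sshd_host_cert, sshd_user_ca_pub; restarts sshd on change`. The `sshd_version: 1` variable introduced in the second hunk is presumably the switch that selects the role's behaviour, so its meaning deserves a one-line comment as well. The play header (`hosts:` and anything above `roles:`) lies before this hunk, and `vars:` continues past it into the second hunk, where `sshd_host_key` is visibly an inline private key — if it is not already vault-encrypted, that is worth confirming while this play is being reworked.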
@@ -81,9 +17,9 @@
unix_users:
- username: liw
+ sshd_version: 1
sshd_port: 22
sshd_user_ca_pub: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHdSnGI91exKItWsZi0XFVQWluS0FUdd12FLjuQk1FxG liw User CA v1
-
sshd_host_key: |
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW