author | Lars Wirzenius <liw@liw.fi> | 2022-04-08 17:39:59 +0300 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2022-04-08 17:39:59 +0300 |
commit | 360011c903bcfa89c35bee1d8d0ec4b98b029ed8 (patch) | |
tree | 1615f90558d3a94fbb4a7b6cdfd9743083e795d0 | |
parent | 7c4b6e29b1d48847aedbc6da5316c5a30fb5ede2 (diff) | |
feat: if desired, configure host's sshd to accept a CA for users
Sponsored-by: author
-rw-r--r-- | std.yml | 15 |
1 files changed, 15 insertions, 0 deletions
@@ -16,6 +16,7 @@
 passwd -l root
 - name: "create ~root/.ssh"
+ when: user_pub is defined
 file:
 state: directory
 path: /root/.ssh
@@ -24,6 +25,7 @@
 mode: 0700
 - name: "set ~root/.ssh/authorized keys"
+ when: user_pub is defined
 copy:
 content: |
 {{ user_pub }}
@@ -32,6 +34,19 @@
 group: root
 mode: 0600
+ - name: "install user CA public key"
+ when: user_ca_pubkey is defined
+ copy:
+ content: |
+ {{ user_ca_pubkey }}
+ dest: /etc/ssh/user_ca_keys
+
+ - name: "configure sshd to accept CA for users"
+ when: user_ca_pubkey is defined
+ copy:
+ content: TrustedUserCAKeys /etc/ssh/user_ca_keys
+ dest: /etc/ssh/sshd_config.d/userca.conf
+
 - name: "configure keyboard layout"
 copy:
 content: | |
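Review bot: The two new `copy` tasks in the last hunk write `/etc/ssh/user_ca_keys` and `/etc/ssh/sshd_config.d/userca.conf` without setting ownership or permissions, whereas the context lines of the preceding task pin `group: root` and `mode: 0600`. Because the CA file is the trust anchor for every user login, I would add `owner: root`, `group: root` and `mode: 0644` to both tasks so the result does not depend on the umask or on a file that already exists. The drop-in is presumably only read if the image's `sshd_config` has an `Include` for `/etc/ssh/sshd_config.d/*.conf`, which is not visible in this diff and is worth confirming. A comment on the second task should also record that, with no `AuthorizedPrincipalsFile` configured, any certificate signed by this CA that lists `root` among its principals is accepted for the root account.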