summaryrefslogtreecommitdiff
path: root/v-i.yml
diff options
context:
space:
mode:
authorLars Wirzenius <liw@liw.fi>2020-04-19 09:45:33 +0300
committerLars Wirzenius <liw@liw.fi>2020-04-19 12:15:33 +0300
commit82cfb707506fb5b516c9f0a82e8cedcb507a9444 (patch)
tree64b41ba94d198e2e594e7d6e7f6d838d9fb2dc23 /v-i.yml
parent6acb44e30d71477e1a1e34016e4e5909cc9528cb (diff)
downloadv-i-82cfb707506fb5b516c9f0a82e8cedcb507a9444.tar.gz
Change: disable password authentication over ssh
Diffstat (limited to 'v-i.yml')
-rw-r--r--v-i.yml10
1 files changed, 9 insertions, 1 deletions
diff --git a/v-i.yml b/v-i.yml
index c476585..bdf039f 100644
--- a/v-i.yml
+++ b/v-i.yml
@@ -48,6 +48,12 @@
iface eth0 inet6 auto
dest: /etc/network/interfaces.d/wired
+ - name: "restrict root logins over ssh"
+ lineinfile:
+ path: /etc/ssh/sshd_config
+ regex: "#* *PasswordAuthentication"
+ line: "PasswordAuthentication no"
+
- name: "copy rootfs tarball"
copy:
src: "{{ rootfs_tarball }}"
@@ -56,7 +62,9 @@
- name: "add my ssh pub key to root's authorized keys"
authorized_key:
user: root
- key: "{{ lookup('file', '/home/liw/.ssh/liw-openpgp.pub') }}"
+ key: "{{ user_pub }}"
vars:
hostname: v-i
+ user_pub: |
+ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDAlECa3tbFGXhB3Zh/4/GhM11THOThVfiuLqqJ2dpWHEClzpKJHpzzwWt7g9z/MMQNMsUJLy+okz+De6hdjjmYJ9kG9Sr3H4YKq6itGQMj7L/cH3WS3ynp0uy0oW3hf932vDZKQ8iy9vczXH+ERYl+4TYae1Jp4Hyf4/2IYxEfuhKctvSvqySST3Qk9JNZ71HFGOWhjH/MmoCLoT1v+HkqmHdYf/GMKGRo3gqCEGgCgNErYYIyKm3OF3dHXK+hyGLE/cZNu6fU5woW3rvtUCFt08Ri2pm0cnXXJn9jQIMxfS5Kkf64svwgzKmPqgX1f4flopYPlsBXduCgzbJvj+lpgauAk/i1A5B01CFa9sI4C6pHZmwk1qxRwN+4IXL2CQt+tDgYC84ZDDd8R7cNyL22a3KhMQmdHtvog1beAa3Ab+J+cafkXXN+Es9f1wQjzk7DiHupmJIVofBvPP+cRcB46rwha6ati8Fa5QkT9rXFNqQsKk7jq8TIi54Bm15OOa0jInGG3TM17b9Ftu2WTJSAaqgBnDfZiInK7HEvC6K/IBljrN3oGagmFZPrAvzw7d6C2/nKFAQtfoMcE5oWVDrJyjsmJ8oaru0E8rwj7mMvyKPgEMnXTGXLWDgEo50+i291m4bkCxVwiOPbPRvdMll1Y8qfBAPT76sY4Ikgcw/2iw== openpgp:0xBBE80E50
generated by cgit v1.2.1 (git 2.18.0) at 2024-05-06 14:11:39 +0000