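---
# Play: create an SSH key pair on the managed host, fetch both halves to the
# control node, install the templated sshd_config, and create a sudo-capable
# account that accepts the new public key.
- name: Configure SSH
  hosts: athelas
  tasks:
    # NOTE(review): the pair is generated on the managed host, so a copy of the
    # private key stays at ~/ssh_key on the server it unlocks. Generating the
    # pair on the control node would keep the private half off the server.
    - name: Generate RSA4096 SSH key
      community.crypto.openssh_keypair:
        path: "~/ssh_key"
        type: rsa
        size: 4096

    - name: Get SSH Private Key
      ansible.builtin.fetch:
        dest: "~/ansible/keys/"
        src: "~/ssh_key"
        flat: true

    # fetch sets no mode on the local copy, so its permissions are whatever the
    # control node's umask yields. Pin the private key to owner-only access.
    - name: Restrict permissions on the fetched private key
      ansible.builtin.file:
        path: "~/ansible/keys/ssh_key"
        state: file
        mode: "0600"
      delegate_to: localhost
      become: false

    - name: Get SSH Public Key
      ansible.builtin.fetch:
        dest: "~/ansible/keys/"
        src: "~/ssh_key.pub"
        flat: true

    # validate makes sshd parse the rendered file before it replaces the live
    # config, so a broken template cannot lock out remote access at restart.
    # NOTE(review): /usr/sbin/sshd is the usual path; confirm for this host.
    # become is added because /etc/ssh is not writable by an unprivileged
    # login, and the other privileged tasks in this play already escalate.
    - name: Copy new SSH configuration
      ansible.builtin.template:
        src: "templates/sshd_config.j2"
        dest: "/etc/ssh/sshd_config"
        owner: root
        group: root
        mode: "0600"
        validate: "/usr/sbin/sshd -t -f %s"
      become: true

    # The password lookup runs on the control node and stores the generated
    # plaintext in /tmp/userpass; only the sha512_crypt hash reaches the host.
    # NOTE(review): /tmp is shared and the file name is fixed. A file that
    # already exists at that path is reused as the password, so a per-run
    # private directory would be safer. The path is kept because the display
    # task below and the cleanup play both refer to it.
    # NOTE(review): the account is named "test" and joins the sudo group;
    # confirm this is intended outside a lab.
    - name: Create new user
      ansible.builtin.user:
        name: "test"
        groups: "sudo"
        append: true
        password: "{{ lookup('password', '/tmp/userpass length=12 encrypt=sha512_crypt') }}"
      become: true

    # NOTE(review): this prints the plaintext password to the console and to
    # any configured Ansible log or callback output. Keep it only when the
    # operator has no other way to receive the credential.
    - name: Display password
      ansible.builtin.debug:
        msg: "Password : {{ lookup('file', '/tmp/userpass') }}"

    # authorized_key lives in the ansible.posix collection; the ansible.builtin
    # name is only a redirect to it, so the canonical name is used here.
    - name: Add SSH public key to remote host
      ansible.posix.authorized_key:
        user: "test"
        key: "{{ lookup('file', '~/ansible/keys/ssh_key.pub') }}"
      become: true

    # NOTE(review): both unit names are restarted. On a host where only one of
    # them exists the other iteration presumably fails the task; confirm
    # against the target distribution.
    - name: Restart SSH Services
      ansible.builtin.service:
        name: "{{ item }}"
        state: restarted
      become: true
      loop:
        - ssh
        - sshd
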
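# Play: remove the plaintext password file that the password lookup in the
# "Configure SSH" play writes to /tmp/userpass on the control node.
# NOTE(review): this is a separate play, so it is not reached when the
# preceding play aborts. In that case /tmp/userpass stays on disk and must be
# removed by hand.
- name: Remove temporary password file from the control node
  hosts: 127.0.0.1
  connection: local
  # Deleting one file needs no host facts.
  gather_facts: false
  tasks:
    - name: Delete pass file
      ansible.builtin.file:
        path: "/tmp/userpass"
        state: absent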