Commit 3662dea9 authored by Thomas Schneider's avatar Thomas Schneider

ssh-server: Use Proxmox’ authorized_keys files iff available

parent 916fea27
1 merge request!11ssh-server: Cleanup and Proxmox handling
Pipeline #2356 passed
......@@ -79,12 +79,30 @@
- ssh
- root
- name: Check for Proxmox SSH keys
stat:
path: /etc/pve/priv/authorized_keys
register: pve_ssh_present
tags:
- ssh
- root
# filename syntax: name.pub or name+dest_host_1,...,dest_host_n.pub
- name: ensure our and only our keys are authorized for root
assemble:
dest: /root/.ssh/authorized_keys
dest: >-
{% if pve_ssh_present.stat.exists -%}
/etc/pve/priv/authorized_keys
{%- else -%}
/root/.ssh/authorized_keys
{%- endif %}
owner: root
group: root
group: >-
{% if pve_ssh_present.stat.exists -%}
www-data
{%- else -%}
root
{%- endif %}
mode: '0600'
remote_src: false
src: "{{ ssh_authorized_keys }}"
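Review bot: On Proxmox hosts the `ensure our and only our keys are authorized for root` task now assembles into `/etc/pve/priv/authorized_keys`, which is presumably shared by all cluster nodes and also maintained by Proxmox itself, so the scope of "only our keys" changes from one host to the whole cluster. If Proxmox keeps node keys for inter-node SSH in that file, this task would remove them unless they are part of `ssh_authorized_keys`. The per-host filename syntax in the comment above (`name+dest_host_1,...,dest_host_n.pub`) also stops being per-host, since the node that ran last would set the key list for every node. I would add a comment such as `# on Proxmox this file is cluster-wide; per-host key selection does not apply` and confirm the cluster keys are included. As a style point, `dest: "{{ pve_ssh_present.stat.exists | ternary('/etc/pve/priv/authorized_keys', '/root/.ssh/authorized_keys') }}"` (and the same for `group`) avoids relying on whitespace trimming inside a folded scalar.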
......@@ -95,6 +113,16 @@
- ssh
- root
- name: Ensure Proxmox distributes the SSH keys
file:
path: /root/.ssh/authorized_keys
src: /etc/pve/priv/authorized_keys
state: link
when: pve_ssh_present.stat.exists
tags:
- ssh
- root
- name: ensure we fail2ban bad people
apt:
name: fail2ban
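Review bot: The new `Ensure Proxmox distributes the SSH keys` task will fail on a Proxmox host where `/root/.ssh/authorized_keys` is already a regular file, because the `file` module does not replace an existing file with a link unless `force: true` is set. That state is plausible, since before this commit the assemble task wrote to that path directly; whether it replaced an existing symlink cannot be seen from this hunk. Adding `force: true` lets the run converge, and discarding the old file's contents matches the stated "only our keys" intent. The fail2ban task that follows continues outside the hunk.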
......