From 3662dea93870e19e37ba97cdba2d19edda26f758 Mon Sep 17 00:00:00 2001
From: Thomas Schneider <tschneider@asta.rwth-aachen.de>
Date: Mon, 31 Aug 2020 15:48:14 +0200
Subject: [PATCH] =?UTF-8?q?ssh-server:=20Use=20Proxmox=E2=80=99=20authoriz?= =?UTF-8?q?ed=5Fkeys=20files=20iff=20available?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 ssh-server/tasks/main.yml | 32 ++++++++++++++++++++++++++++++--
 1 file changed, 30 insertions(+), 2 deletions(-)
diff --git a/ssh-server/tasks/main.yml b/ssh-server/tasks/main.yml
index 60232a1..5ea696c 100644
--- a/ssh-server/tasks/main.yml
+++ b/ssh-server/tasks/main.yml
@@ -79,12 +79,30 @@
 - ssh
 - root
+- name: Check for Proxmox SSH keys
+ stat:
+ path: /etc/pve/priv/authorized_keys
+ register: pve_ssh_present
+ tags:
+ - ssh
+ - root
 # filename syntax: name.pub or name+dest_host_1,...,dest_host_n.pub
 - name: ensure our and only our keys are authorized for root
 assemble:
- dest: /root/.ssh/authorized_keys
+ dest: >-
+ {% if pve_ssh_present.stat.exists -%}
+ /etc/pve/priv/authorized_keys
+ {%- else -%}
+ /root/.ssh/authorized_keys
+ {%- endif %}
 owner: root
- group: root
+ group: >-
+ {% if pve_ssh_present.stat.exists -%}
+ www-data
+ {%- else -%}
+ root
+ {%- endif %}
 mode: '0600'
 remote_src: false
 src: "{{ ssh_authorized_keys }}"
@@ -95,6 +113,16 @@
 - ssh
 - root
+- name: Ensure Proxmox distributes the SSH keys
+ file:
+ path: /root/.ssh/authorized_keys
+ src: /etc/pve/priv/authorized_keys
+ state: link
+ when: pve_ssh_present.stat.exists
+ tags:
+ - ssh
+ - root
 - name: ensure we fail2ban bad people
 apt:
 name: fail2ban
-- 
GitLab
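Review bot: Pointing the assemble `dest` at /etc/pve/priv/authorized_keys widens the scope of the task from one host to the whole cluster, and the hunk does not account for that: on Proxmox /etc/pve is the cluster-synchronized pmxcfs, and as far as I know that file is also where Proxmox keeps the node root keys it needs for inter-node SSH, so an "our and only our keys" assemble (which rebuilds the whole file from `ssh_authorized_keys`) drops those node keys unless they are part of the source, and authorizes the last-run host's key set on every node, defeating the per-host `name+dest_host_1,...` selection the comment describes. If that is intended it belongs in a comment above the stat task, e.g. `# on Proxmox the destination is cluster-wide (pmxcfs): keys land on every node, not only this host`; otherwise the Proxmox branch needs a `run_once`/`when` guard or the node keys merged into the source. The ownership/mode values (`www-data`, `0600`) match what pmxcfs enforces, but whether it accepts the chown/chmod that `assemble` issues is worth a test run. A smaller style point: both folded Jinja blocks could be one-line ternaries, `dest: "{{ '/etc/pve/priv/authorized_keys' if pve_ssh_present.stat.exists else '/root/.ssh/authorized_keys' }}"`. The assemble task continues past the end of the hunk.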
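Review bot: The link task fails on any host where /root/.ssh/authorized_keys is already a regular file, because `file` with `state: link` refuses to replace an existing file with a symlink unless `force: true` is set, and a regular file at that path is exactly what earlier runs of this role leave behind (the previous assemble wrote there, and as I read Ansible's atomic write it replaces an existing symlink rather than following it). Add `force: true` under `state: link` so the task can restore the Proxmox symlink. Replacing the file also discards any keys previously assembled into /root/.ssh/authorized_keys on that host, which looks intended but deserves a comment such as `# on Proxmox root's authorized_keys must be the pmxcfs-synchronized file, so re-point it`. On naming, both new tasks ("Check for …", "Ensure Proxmox …") use capitalised names while the surrounding tasks use lower-case "ensure …"; matching the file's convention would keep `--list-tasks` output uniform.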