
ssh-server: Cleanup and Proxmox handling

Merged Thomas Schneider requested to merge th/dev into master
1 file
+ 30
2
+ 30
2
@@ -79,12 +79,30 @@
- ssh
- root
- name: Check for Proxmox SSH keys
stat:
path: /etc/pve/priv/authorized_keys
register: pve_ssh_present
tags:
- ssh
- root
# filename syntax: name.pub or name+dest_host_1,...,dest_host_n.pub
- name: ensure our and only our keys are authorized for root
assemble:
dest: /root/.ssh/authorized_keys
dest: >-
{% if pve_ssh_present.stat.exists -%}
/etc/pve/priv/authorized_keys
{%- else -%}
/root/.ssh/authorized_keys
{%- endif %}
owner: root
group: root
group: >-
{% if pve_ssh_present.stat.exists -%}
www-data
{%- else -%}
root
{%- endif %}
mode: '0600'
remote_src: false
src: "{{ ssh_authorized_keys }}"
@@ -95,6 +113,16 @@
- ssh
- root
- name: Ensure Proxmox distributes the SSH keys
file:
path: /root/.ssh/authorized_keys
src: /etc/pve/priv/authorized_keys
state: link
when: pve_ssh_present.stat.exists
tags:
- ssh
- root
- name: ensure we fail2ban bad people
apt:
name: fail2ban
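Review bot: On a Proxmox node the `assemble` task in the first hunk now rewrites `/etc/pve/priv/authorized_keys` while still promising "our and only our keys", and that file is normally shared by every node of the cluster and also holds the nodes' own root keys. Two consequences are worth checking: a key file scoped with the `name+dest_host_…` syntax would become valid on all cluster members as soon as one node writes it, and dropping the node keys can break inter-node SSH. The rest of the task, including how `ssh_authorized_keys` is filtered, lies outside the hunk, so this may already be handled. I would document the behaviour above the task, e.g. `# Proxmox: this file is replicated cluster-wide and must keep the node root keys`, and confirm that the `owner`/`group`/`mode` settings are accepted on that filesystem. In the second hunk the `file` task with `state: link` will probably fail on hosts where an earlier run left a regular `/root/.ssh/authorized_keys`; if replacing it is intended, add `force: true`.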