fix user certificate usage

Pim Kunis 2023-04-11 08:45:28 +02:00
parent f3c43eb15c
commit d5fdceb9d1
3 changed files with 4 additions and 2 deletions


@ -4,4 +4,4 @@ all:
hosts: hosts:
lewis: lewis:
ansible_user: root ansible_user: root
ansible_host: lewis.dmz ansible_host: lewis.lan


@ -1 +1,2 @@
CertificateFile /etc/ssh/ssh_user_ed25519_key-cert.pub CertificateFile /etc/ssh/ssh_user_ed25519_key-cert.pub
IdentityFile /etc/ssh/ssh_user_ed25519_key
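Review bot: Both directives sit at the top of the file with no `Host` or `Match` block, so if this file is included at the top level of the client configuration, the certificate and its key are tried against every destination this machine connects to. If the certificate is only meant for the backup connection, putting a line such as `Host <backup-target-placeholder>` above the two directives keeps the credential off unrelated connections. A short comment naming the purpose, for example `# user certificate for the backup connection`, would also help the next reader.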


@ -33,7 +33,7 @@
register: cert_stat register: cert_stat
- name: Generate user certificate - name: Generate user certificate
command: command:
cmd: "ssh -o ConnectTimeout=3 -o ConnectionAttempts=1 root@hermes.dmz '/root/ca.sh user \"{{ user_public_key }}\" lewis.dmz \"backup\"'" cmd: "ssh -o ConnectTimeout=3 -o ConnectionAttempts=1 root@hermes.dmz '/root/ca.sh user \"{{ user_public_key }}\" lewis.lan \"backup\"'"
register: cert register: cert
delegate_to: localhost delegate_to: localhost
when: not cert_stat.stat.exists when: not cert_stat.stat.exists
@ -41,4 +41,5 @@
copy: copy:
dest: "/etc/ssh/ssh_user_ed25519_key-cert.pub" dest: "/etc/ssh/ssh_user_ed25519_key-cert.pub"
content: "{{ cert.stdout }}" content: "{{ cert.stdout }}"
mode: 0600
when: not cert_stat.stat.exists when: not cert_stat.stat.exists
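Review bot: The `cmd` line of the "Generate user certificate" task places `{{ user_public_key }}` inside escaped double quotes in a string that the shell on hermes.dmz parses as root, so a key value containing a quote, `$` or a backtick would change the command run on the CA host. Where `user_public_key` is set lies outside this hunk, so how far that value can be trusted is not visible here. Shell-quoting it with the `quote` filter and passing the command as `argv` removes the dependency on its content. Separately, in the copy task I would write `mode: "0600"` as a quoted string, which is the form Ansible documents for octal modes.

```yaml
- name: Generate user certificate
  command:
    argv:
      - ssh
      - "-o"
      - ConnectTimeout=3
      - "-o"
      - ConnectionAttempts=1
      - root@hermes.dmz
      - "/root/ca.sh user {{ user_public_key | quote }} lewis.lan backup"
  # … unchanged: register, delegate_to, when …
```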