fix user certificate usage

2023-04-11 08:45:28 +02:00 · 2023-04-11 08:45:28 +02:00 · d5fdceb9d1
commit d5fdceb9d1
parent f3c43eb15c
3 changed files with 4 additions and 2 deletions
--- a/inventory/hosts.yml
+++ b/inventory/hosts.yml
@ -4,4 +4,4 @@ all:
      hosts:
        lewis:
          ansible_user: root
-          ansible_host: lewis.dmz
+          ansible_host: lewis.lan
--- a/roles/system/files/ssh.conf
+++ b/roles/system/files/ssh.conf
@ -1 +1,2 @@
 CertificateFile /etc/ssh/ssh_user_ed25519_key-cert.pub
+IdentityFile /etc/ssh/ssh_user_ed25519_key
--- a/roles/system/tasks/main.yml
+++ b/roles/system/tasks/main.yml
@ -33,7 +33,7 @@
  register: cert_stat
 - name: Generate user certificate
  command:
-    cmd: "ssh -o ConnectTimeout=3 -o ConnectionAttempts=1 root@hermes.dmz '/root/ca.sh user \"{{ user_public_key }}\" lewis.dmz \"backup\"'"
+    cmd: "ssh -o ConnectTimeout=3 -o ConnectionAttempts=1 root@hermes.dmz '/root/ca.sh user \"{{ user_public_key }}\" lewis.lan \"backup\"'"
  register: cert
  delegate_to: localhost
  when: not cert_stat.stat.exists
@ -41,4 +41,5 @@
  copy:
    dest: "/etc/ssh/ssh_user_ed25519_key-cert.pub"
    content: "{{ cert.stdout }}"
+    mode: 0600
  when: not cert_stat.stat.exists