43 lines
1.4 KiB
YAML
43 lines
1.4 KiB
YAML
---
|
|
# https://docs.ansible.com/ansible/latest/collections/ansible/posix/authorized_key_module.html#examples
|
|
- name: Update ssh key and login permissions
|
|
strategy: free # dont wait for other hosts when executing
|
|
hosts: oracleServer
|
|
vars_prompt:
|
|
- name: ssh_key_path
|
|
prompt: enter the path to the ssh key to add
|
|
private: false
|
|
- name: ssh_key_comment
|
|
prompt: enter the comment that should be saved in the authorized_keys file
|
|
private: false
|
|
tasks:
|
|
|
|
- name: Add ssh key
|
|
become: true
|
|
async: 120 # Maximum execution time
|
|
poll: 5 # polling interval in seconds
|
|
ansible.posix.authorized_key:
|
|
user: "{{ ansible_user_id }}"
|
|
exclusive: true
|
|
state: present
|
|
key: "{{ lookup('file', '{{ ssh_key_path }}') }}"
|
|
comment: "{{ ssh_key_comment }}"
|
|
|
|
- name: Update sshd config
|
|
ansible.builtin.blockinfile:
|
|
path: /etc/ssh/sshd_config
|
|
insertbefore: BOF # Beginning of the file
|
|
marker: "# {mark} ANSIBLE MANAGED BLOCK BY LINUX-ADMIN"
|
|
block: |
|
|
PermitRootLogin no
|
|
PubkeyAuthentication yes
|
|
AuthorizedKeysFile .ssh/authorized_keys
|
|
PasswordAuthentication no
|
|
backup: true
|
|
validate: /usr/sbin/sshd -T -f %s
|
|
|
|
- name: Restart SSHD
|
|
ansible.builtin.service:
|
|
name: sshd
|
|
state: restarted
|