/ansible-ssh-keys

Ansible role to manage ssh keys in Debian-like systems

Primary LanguageDockerfileMIT LicenseMIT

ssh-keys

CI Ansible Galaxy

Manage ssh public key authentication (public / private / authorized keys and known hosts) in Debian-like systems.

Requirements

None

Variables

  • ssh_keys_generate_keys: [default: []]: Keys to generate locally

  • ssh_keys_generate_keys.{n}.path: [required] The local path where the key should be generated

  • ssh_keys_generate_keys.{n}.cipher: [default: None]: The cipher to encrypt the private key

  • ssh_keys_generate_keys.{n}.format: [default: OpenSSH]: The format of the public key

  • ssh_keys_generate_keys.{n}.force: [default: false]: Whether to regenerate the key pair if it already exists

  • ssh_keys_generate_keys.{n}.owner: [required]: The name of the user that should own the key pair

  • ssh_keys_generate_keys.{n}.group: [default: owner]: The name of the group that should own the key pair

  • ssh_keys_generate_keys.{n}.mode: [default: 0600]: The UNIX permission mode bits of the key pair

  • ssh_keys_generate_keys.{n}.passphrase: [default: '']: The passphrase for the private key

  • ssh_keys_generate_keys.{n}.size: [default: 4096]: Size in bits of the TLS/SSL key to generate

  • ssh_keys_generate_keys.{n}.type: [default: RSA]: The algorithm used to generate the private key

  • ssh_keys_generate_keys_command: [optional, default: _ssh_keys_generate_keys_command]:

  • ssh_keys_generate_keys_become: [optional, default: false]: Whether or not to use sudo when generating ssh keys (locally)

  • ssh_keys_private_keys: [default: []]: Private key declarations

  • ssh_keys_private_keys.{n}.owner: [required]: The name of the user that should own the file

  • ssh_keys_private_keys.{n}.group: [default: owner]: The name of the group that should own the file

  • ssh_keys_private_keys.{n}.mode: [default: 0600]: The UNIX permission mode bits of the file

  • ssh_keys_private_keys.{n}.src: [required]: The local path of the key

  • ssh_keys_private_keys.{n}.dest: [default: src | basename]: The remote path of the key (relative to home/.ssh/)

  • ssh_keys_private_keys.{n}.dest_absolute: [optional]: The remote path of the key

  • ssh_keys_private_keys.{n}.dest_managed: [default: true]: Whether or not the remote path of the key should be created

  • ssh_keys_private_keys.{n}.state: [default: present]: State

  • ssh_keys_public_keys: [default: []]: Public key declarations

  • ssh_keys_public_keys.{n}.owner: [required]: The name of the user that should own the file

  • ssh_keys_public_keys.{n}.group: [default: owner]: The name of the group that should own the file

  • ssh_keys_public_keys.{n}.mode: [default: 0644]: The UNIX permission mode bits of the file

  • ssh_keys_public_keys.{n}.src: [required]: The local path of the key

  • ssh_keys_public_keys.{n}.dest: [default: src | basename]: The remote path of the key (relative to home/.ssh/)

  • ssh_keys_public_keys.{n}.dest_absolute: [optional]: The remote path of the key

  • ssh_keys_public_keys.{n}.dest_managed: [default: true]: Whether or not the remote path of the key should be created

  • ssh_keys_public_keys.{n}.state: [default: present]: State

  • ssh_keys_authorized_keys: [default: []]: Authorized key declarations

  • ssh_keys_authorized_keys.{n}.owner: [required]: The name of the user that should own the file

  • ssh_keys_authorized_keys.{n}.src: [required]: The local path of the key

  • ssh_keys_authorized_keys.{n}.state: [optional, default: present]: State

  • ssh_keys_authorized_keys.{n}.path: [optional, default: authorized_keys]: Authorized keys file (absolute path, default to ~/.ssh/authorized_keys)

  • ssh_keys_known_hosts: [default: []]: Known hosts declarations

  • ssh_keys_known_hosts.{n}.hostname: [required]: The hostname

  • ssh_keys_known_hosts.{n}.enctype: [required]: The type of the fingerprint

  • ssh_keys_known_hosts.{n}.fingerprint: [required]: The actual fingerprint

Dependencies

None

Example

---
- hosts: all
  roles:
    - oefenweb.ssh-keys
  vars:
    ssh_keys_generate_keys:
      - path: ../../../files/ssh-keys/id_rsa
        comment: RSA key
    ssh_keys_private_keys:
      - owner: root
        src: "{{ playbook_dir }}/files/ssh-keys/id_rsa"
    ssh_keys_public_keys:
      - owner: root
        src: "{{ playbook_dir }}/files/ssh-keys/id_rsa.pub"
    ssh_keys_authorized_keys:
      - owner: root
        src: "{{ playbook_dir }}/files/ssh-keys/id_rsa.pub"
    ssh_keys_known_hosts:
      - hostname: github.com
        enctype: ssh-rsa
        fingerprint: 'AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=='

License

MIT

Author Information

  • Mark van Driel
  • Mischa ter Smitten

Feedback, bug-reports, requests, ...

Are welcome!