now managing ssh root keys

2017-10-16 02:29:26 +02:00 · 2017-10-16 02:29:26 +02:00 · a47c5fd378
commit a47c5fd378
parent d375846d9d
6 changed files with 67 additions and 7 deletions
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -2,13 +2,42 @@
  - name: copy sshd config
    template:
      src: ssh_sshd_config.j2
-      dest: /etc/ssh/sshd_config
+      dest: "{{ rootpath }}/etc/ssh/sshd_config"
      owner: root
      mode: 0644
+    register: ssh_config
+  
+  - name: copy ssh config
+    template:
+      src: ssh_config.j2
+      dest: "{{ rootpath }}/etc/ssh/ssh_config"
+      owner: root
+      mode: 0644
+
+  - name: create ssh folder for user root
+    file:
+      path: "{{ rootpath }}/root/.ssh"
+      state: directory
+      owner: root
+      group: root
+      mode: 0700
+
+  - name: write authorized_keys file for user root
+    template:
+      src: ssh_root_authorized_keys.j2
+      dest: "{{ rootpath }}/root/.ssh/authorized_keys"
+      owner: root
+      group: root
+      mode: 0600
+
+  - name: create ssh host keys
+    shell: "prefix=\"{{ rootpath }}\"; ssh-keygen -N \"\" -t ed25519 -f \"${prefix}/etc/ssh/ssh_host_ed25519_key\"; ssh-keygen -N \"\" -b 4096 -t rsa -f \"${prefix}/etc/ssh/ssh_host_rsa_key\"; ssh-keygen -N \"\" -b 521 -t ecdsa -f \"${prefix}/etc/ssh/ssh_host_ecdsa_key\""
+    args:
+      creates: "{{ rootpath }}/etc/ssh/ssh_host_ed25519_key"
+    register: ssh_hostkeys
+
+  - name: maybe restart sshd
+    meta: noop
+    changed_when: (ssh_hostkeys|changed or ssh_config|changed) and not rootpath == ''
    notify:
    - restart sshd
-#  - name: add ansible key
-#    authorized_key:
-#      user: root
-#      key: "{{ lookup('file', 'ansible-key.pub') }}"
-#      manage_dir: yes