~comcloudway/ansible-ccw.icu: Fixed problem, where ssh lockdown would lock the user out of the user

66c202bacf830aa1662317041033a3efddde0f01 — Jakob Meier 1 year, 1 month ago edadc5a

Fixed problem, where ssh lockdown would lock the user out of the user
account; by copying the authorized_keys file (generated by ssh-copy-id)
to the users home directory

patch browse .tar.gz

2 files changed, 21 insertions(+), 0 deletions(-)

M README.org
M roles/system/tasks/user.yml

M README.org => README.org +9 -0

@@ 3,6 3,15 @@ Ansible Playbook I use to provision my Alpine Linux server
 
 * Requirements
 - ~ansible~ (~ansible-core~ is not enough, as I'm using ~community~ packages)
+- ~ssh~
+- ~py3-passlib~ (on Alpine Linux,
+  because the ~crypt~ module will be deprecated from python 3.13 onward)
+
+Because the ~system~ role will disable ~password-ssh-login~,
+you should copy your ssh key to your new machine
+#+begin_src bash
+ssh-copy-id root@<hostname/ip>
+#+end_src
 
 * Running
 As you might have noticed, from the ~.gitignore~,

M roles/system/tasks/user.yml => roles/system/tasks/user.yml +12 -0

@@ 17,6 17,18 @@
     shell: "{{ shell }}"
     update_password: on_create
 
+- name: Make sure the user has a .ssh directory
+  ansible.builtin.file:
+    path: "/home/{{ username }}/.ssh"
+    state: directory
+    recurse: true
+- name: Copy the root authorized ssh keys to user
+  ansible.builtin.copy:
+    src: /root/.ssh/authorized_keys
+    dest: "/home/{{ username }}/.ssh/authorized_keys"
+    remote_src: true
+    mode: "0644"
+
 - name: Enable passwordless doas for created user
   ansible.builtin.lineinfile:
     create: true