From 66c202bacf830aa1662317041033a3efddde0f01 Mon Sep 17 00:00:00 2001
From: Jakob Meier
Date: Sun, 23 Jul 2023 09:29:01 +0200
Subject: [PATCH] Fixed problem, where ssh lockdown would lock the user out of the user account; by copying the authorized_keys file (generated by ssh-copy-id) to the users home directory
---
 README.org | 9 +++++++++
 roles/system/tasks/user.yml | 12 ++++++++++++
 2 files changed, 21 insertions(+)
diff --git a/README.org b/README.org
index 9358bdf..48cbe62 100644
--- a/README.org
+++ b/README.org
@@ -3,6 +3,15 @@ Ansible Playbook I use to provision my Alpine Linux server
 * Requirements
 - ~ansible~ (~ansible-core~ is not enough, as I'm using ~community~ packages)
+- ~ssh~
+- ~py3-passlib~ (on Alpine Linux,
+ because the ~crypt~ module will be deprecated from python 3.13 onward)
+
+Because the ~system~ role will disable ~password-ssh-login~,
+you should copy your ssh key to your new machine
+#+begin_src bash
+ssh-copy-id root@
+#+end_src
 * Running
 As you might have noticed, from the ~.gitignore~,
diff --git a/roles/system/tasks/user.yml b/roles/system/tasks/user.yml
index cfe9189..8778d16 100644
--- a/roles/system/tasks/user.yml
+++ b/roles/system/tasks/user.yml
@@ -17,6 +17,18 @@
     shell: "{{ shell }}"
     update_password: on_create
+- name: Make sure the user has a .ssh directory
+  ansible.builtin.file:
+    path: "/home/{{ username }}/.ssh"
+    state: directory
+    recurse: true
+- name: Copy the root authorized ssh keys to user
+  ansible.builtin.copy:
+    src: /root/.ssh/authorized_keys
+    dest: "/home/{{ username }}/.ssh/authorized_keys"
+    remote_src: true
+    mode: "0644"
+
 - name: Enable passwordless doas for created user
  ansible.builtin.lineinfile:
    create: true
-- 
2.38.5
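Review bot: Both new tasks in roles/system/tasks/user.yml leave the user's `.ssh` directory and `authorized_keys` owned by the account running the play (root, given `src: /root/.ssh/authorized_keys`), so the user cannot manage their own keys, the directory gets whatever the umask yields, and the key file is world-readable at `mode: "0644"`. On the `ansible.builtin.file` task replace `recurse: true` (it only re-applies attributes to existing directory contents and sets none here) with `owner: "{{ username }}"` and `mode: "0700"`; on the `ansible.builtin.copy` task add `owner: "{{ username }}"` and tighten to `mode: "0600"`, the user-owned, user-only layout sshd's StrictModes check is documented to expect. The copy also runs unconditionally with `remote_src: true`, so every play run overwrites any key the user later adds to their own `authorized_keys`; `force: false` would keep the first copy, and `ansible.posix.authorized_key` is the idempotent, additive alternative. The hard-coded `/home/{{ username }}` path presumably matches the home created by the `ansible.builtin.user` task above, which starts outside the hunk.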