Manage ssh public key authentication (public / private / authorized keys and known hosts) in Debian-like systems.
None
-
ssh_keys_generate_keys: [default:[]]: Keys to generate locally -
ssh_keys_generate_keys.{n}.path: [required] The local path where the key should be generated -
ssh_keys_generate_keys.{n}.cipher: [default:None]: The cipher to encrypt the private key -
ssh_keys_generate_keys.{n}.format: [default:OpenSSH]: The format of the public key -
ssh_keys_generate_keys.{n}.force: [default:false]: Whether to regenerate the key pair if it already exists -
ssh_keys_generate_keys.{n}.owner: [required]: The name of the user that should own the key pair -
ssh_keys_generate_keys.{n}.group: [default:owner]: The name of the group that should own the key pair -
ssh_keys_generate_keys.{n}.mode: [default:0600]: The UNIX permission mode bits of the key pair -
ssh_keys_generate_keys.{n}.passphrase: [default:'']: The passphrase for the private key -
ssh_keys_generate_keys.{n}.size: [default:4096]: Size in bits of the TLS/SSL key to generate -
ssh_keys_generate_keys.{n}.type: [default:RSA]: The algorithm used to generate the private key -
ssh_keys_generate_keys_command: [optional, default:_ssh_keys_generate_keys_command]: -
ssh_keys_generate_keys_become: [optional, default:false]: Whether or not to usesudowhen generating ssh keys (locally) -
ssh_keys_private_keys: [default:[]]: Private key declarations -
ssh_keys_private_keys.{n}.owner: [required]: The name of the user that should own the file -
ssh_keys_private_keys.{n}.group: [default:owner]: The name of the group that should own the file -
ssh_keys_private_keys.{n}.mode: [default:0600]: The UNIX permission mode bits of the file -
ssh_keys_private_keys.{n}.src: [required]: The local path of the key -
ssh_keys_private_keys.{n}.dest: [default:src | basename]: The remote path of the key (relative tohome/.ssh/) -
ssh_keys_private_keys.{n}.dest_absolute: [optional]: The remote path of the key -
ssh_keys_private_keys.{n}.dest_managed: [default:true]: Whether or not the remote path of the key should be created -
ssh_keys_private_keys.{n}.state: [default:present]: State -
ssh_keys_public_keys: [default:[]]: Public key declarations -
ssh_keys_public_keys.{n}.owner: [required]: The name of the user that should own the file -
ssh_keys_public_keys.{n}.group: [default:owner]: The name of the group that should own the file -
ssh_keys_public_keys.{n}.mode: [default:0644]: The UNIX permission mode bits of the file -
ssh_keys_public_keys.{n}.src: [required]: The local path of the key -
ssh_keys_public_keys.{n}.dest: [default:src | basename]: The remote path of the key (relative tohome/.ssh/) -
ssh_keys_public_keys.{n}.dest_absolute: [optional]: The remote path of the key -
ssh_keys_public_keys.{n}.dest_managed: [default:true]: Whether or not the remote path of the key should be created -
ssh_keys_public_keys.{n}.state: [default:present]: State -
ssh_keys_authorized_keys: [default:[]]: Authorized key declarations -
ssh_keys_authorized_keys.{n}.owner: [required]: The name of the user that should own the file -
ssh_keys_authorized_keys.{n}.src: [required]: The local path of the key -
ssh_keys_authorized_keys.{n}.state: [optional, default:present]: State -
ssh_keys_authorized_keys.{n}.path: [optional, default:authorized_keys]: Authorized keys file (absolute path, default to~/.ssh/authorized_keys) -
ssh_keys_known_hosts: [default:[]]: Known hosts declarations -
ssh_keys_known_hosts.{n}.hostname: [required]: The hostname -
ssh_keys_known_hosts.{n}.enctype: [required]: The type of the fingerprint -
ssh_keys_known_hosts.{n}.fingerprint: [required]: The actual fingerprint
None
---
- hosts: all
roles:
- oefenweb.ssh-keys
vars:
ssh_keys_generate_keys:
- path: ../../../files/ssh-keys/id_rsa
comment: RSA key
ssh_keys_private_keys:
- owner: root
src: "{{ playbook_dir }}/files/ssh-keys/id_rsa"
ssh_keys_public_keys:
- owner: root
src: "{{ playbook_dir }}/files/ssh-keys/id_rsa.pub"
ssh_keys_authorized_keys:
- owner: root
src: "{{ playbook_dir }}/files/ssh-keys/id_rsa.pub"
ssh_keys_known_hosts:
- hostname: github.com
enctype: ssh-rsa
fingerprint: 'AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=='MIT
- Mark van Driel
- Mischa ter Smitten
Are welcome!
