$ ssh-keygen -t ed25519 -f suporte
Generating public/private ed25519 key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in suporte
Your public key has been saved in suporte.pub
The key fingerprint is:
SHA256:lBD+Y/I+Y+fi/vCBK7l3HckS4jxFXRsF7qK/2r2t7vw vagrant@automation
The key's randomart image is:
+--[ED25519 256]--+
| o. . .+o.|
| . . .. .. o |
| . o. o |
| o. o . |
| .oSo o... |
| ++o..+. |
| .+.oo . |
| o.*+o+.o . |
| .B=O=.++B+E|
+----[SHA256]-----+
- user-ssh-key.yaml
$ vim user-ssh-key.yaml
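---
- name: Manage user accounts
  hosts: all
  tasks:
    # Create the support account with a login shell
    - name: Add user
      user:
        name: suporte
        comment: "Suporte User"
        shell: /bin/bash
        state: present
    # Install the public half of the key pair generated above
    - name: Set authorized SSH key
      authorized_key:
        user: suporte
        state: present
        key: "{{ lookup('file', './suporte.pub') }}"
    # Drop-in sudoers rule; visudo validates the file before it is put in place
    - name: Add SUDO
      lineinfile:
        path: /etc/sudoers.d/suporte
        line: "suporte ALL=(ALL) NOPASSWD:ALL"
        state: present
        mode: '0440'  # quoted so the value is always read as an octal mode
        create: yes
        validate: '/usr/sbin/visudo -cf %s'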
$ sudo ansible-playbook --syntax-check user-ssh-key.yaml
playbook: user-ssh-key.yaml
$ sudo ansible-playbook user-ssh-key.yaml
PLAY [Manage user accounts] ******************************************************************************************************************************************
TASK [Gathering Facts] ***********************************************************************************************************************************************
ok: [10.240.100.30]
ok: [10.240.100.20]
ok: [10.240.100.10]
TASK [Add user] ******************************************************************************************************************************************************
changed: [10.240.100.10]
changed: [10.240.100.30]
changed: [10.240.100.20]
TASK [Set authorized SSH key] ****************************************************************************************************************************************
changed: [10.240.100.30]
changed: [10.240.100.10]
changed: [10.240.100.20]
TASK [Add SUDO] ******************************************************************************************************************************************************
changed: [10.240.100.10]
changed: [10.240.100.30]
changed: [10.240.100.20]
PLAY RECAP ***********************************************************************************************************************************************************
10.240.100.10 : ok=4 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
10.240.100.20 : ok=4 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
10.240.100.30 : ok=4 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
$ ssh -i suporte suporte@10.240.100.30
Linux deb-vm-03 5.10.0-21-amd64 #1 SMP Debian 5.10.162-1 (2023-01-21) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
$ sudo -l
Entradas de Defaults correspondentes a suporte em deb-vm-03:
env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin
Usuário suporte pode executar os seguintes comandos em deb-vm-03:
(ALL) NOPASSWD: ALL
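
The playbook above leaves a drop-in in /etc/sudoers.d that grants passwordless ALL. As an added example (not part of the original session), the script below lists every such rule, and any group- or world-writable drop-in, in a sudoers.d-style directory. The helper name audit_sudoers_dir and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit sudoers drop-ins for blanket passwordless rules.
# audit_sudoers_dir is a hypothetical helper, not part of sudo or Ansible.

# Print one finding per line for every drop-in in DIR that sudo would load.
audit_sudoers_dir() {
    dir=$1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        # sudo skips drop-in files whose name contains '.' or ends in '~'
        case $name in *.*|*~) continue ;; esac
        # The playbook sets mode 0440; flag anything group- or world-writable.
        if [ -n "$(find "$f" \( -perm -020 -o -perm -002 \))" ]; then
            echo "$name: file is writable by group or others"
        fi
        # Flag rules whose command list is ALL under NOPASSWD.
        # Lines starting with '#' are treated as comments, so rules keyed
        # on a numeric '#uid' are not covered by this check.
        awk -v name="$name" '
            /^[ \t]*(#|$)/ { next }
            /NOPASSWD:[ \t]*ALL[ \t]*(,|$)/ {
                print name ": " $1 " can run any command without a password"
            }' "$f"
    done
}

# Constructed sample directory standing in for /etc/sudoers.d
demo=$(mktemp -d)
printf 'suporte ALL=(ALL) NOPASSWD:ALL\n' > "$demo/suporte"
printf 'backup ALL=(root) NOPASSWD: /usr/bin/rsync\n' > "$demo/backup"
chmod 0440 "$demo/suporte" "$demo/backup"
audit_sudoers_dir "$demo"
rm -rf "$demo"
```

On a managed host, point the function at /etc/sudoers.d as root; the scoped backup rule in the sample is not reported, only the blanket suporte rule is.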