
Creating a user with SSH key access

SSH Key

$ ssh-keygen -t ed25519 -f suporte
Generating public/private ed25519 key pair.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in suporte
Your public key has been saved in suporte.pub
The key fingerprint is:
SHA256:lBD+Y/I+Y+fi/vCBK7l3HckS4jxFXRsF7qK/2r2t7vw vagrant@automation
The key's randomart image is:
+--[ED25519 256]--+
|      o.   . .+o.|
|     . . .. .. o |
|      . o.    o  |
|       o. o  .   |
|      .oSo o...  |
|       ++o..+.   |
|       .+.oo .   |
|      o.*+o+.o . |
|      .B=O=.++B+E|
+----[SHA256]-----+

Playbook

user-ssh-key.yaml
$ vim user-ssh-key.yaml 
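---
- name: Manage user accounts
  hosts: all
  tasks:
  # Create the local account; no password is set, so login is by SSH key only
  - name: Add user
    user:
      name: suporte
      comment: "Suporte User"
      shell: /bin/bash
      state: present
  # Install the public key generated above (read from the control node)
  - name: Set authorized SSH key
    authorized_key:
      user: suporte
      state: present
      key: "{{ lookup('file', './suporte.pub') }}"
  # Drop-in grants passwordless sudo for every command; visudo checks the
  # file before it is put in place, so a syntax error cannot break sudo
  - name: Add SUDO
    lineinfile:
      path: /etc/sudoers.d/suporte
      line: "suporte ALL=(ALL) NOPASSWD:ALL"
      state: present
      mode: '0440'
      create: yes
      validate: '/usr/sbin/visudo -cf %s'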
$ sudo ansible-playbook --syntax-check user-ssh-key.yaml 
 
playbook: user-ssh-key.yaml
$ sudo ansible-playbook user-ssh-key.yaml 
 
PLAY [Manage user accounts] ******************************************************************************************************************************************
 
TASK [Gathering Facts] ***********************************************************************************************************************************************
ok: [10.240.100.30]
ok: [10.240.100.20]
ok: [10.240.100.10]
 
TASK [Add user] ******************************************************************************************************************************************************
changed: [10.240.100.10]
changed: [10.240.100.30]
changed: [10.240.100.20]
 
TASK [Set authorized SSH key] ****************************************************************************************************************************************
changed: [10.240.100.30]
changed: [10.240.100.10]
changed: [10.240.100.20]
 
TASK [Add SUDO] ******************************************************************************************************************************************************
changed: [10.240.100.10]
changed: [10.240.100.30]
changed: [10.240.100.20]
 
PLAY RECAP ***********************************************************************************************************************************************************
10.240.100.10              : ok=4    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
10.240.100.20              : ok=4    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
10.240.100.30              : ok=4    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
$ ssh -i suporte suporte@10.240.100.30
Linux deb-vm-03 5.10.0-21-amd64 #1 SMP Debian 5.10.162-1 (2023-01-21) x86_64
 
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
 
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
$ sudo -l
Entradas de Defaults correspondentes a suporte em deb-vm-03:
    env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin
 
Usuário suporte pode executar os seguintes comandos em deb-vm-03:
    (ALL) NOPASSWD: ALL

Removing the user

user-remove.yaml
$ cat user-remove.yaml 
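---
- name: Remove user and files
  hosts: all
  tasks:
  # remove: yes also deletes the home directory (and ~/.ssh/authorized_keys);
  # force: true removes the account even if the user is still logged in
  - name: Remove user
    user:
      name: suporte
      state: absent
      remove: yes
      force: true
  # The sudoers drop-in is not tied to the account and must be removed separately
  - name: Remove SUDO file
    file:
      path: /etc/sudoers.d/suporte
      state: absent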
$ sudo ansible-playbook user-remove.yaml 
 
PLAY [Remove user and files] *****************************************************************************************************************************************
 
TASK [Gathering Facts] ***********************************************************************************************************************************************
ok: [10.240.100.30]
ok: [10.240.100.20]
ok: [10.240.100.10]
 
TASK [Remove user] ***************************************************************************************************************************************************
ok: [10.240.100.30]
ok: [10.240.100.10]
ok: [10.240.100.20]
 
TASK [Remove SUDO file] **********************************************************************************************************************************************
changed: [10.240.100.30]
changed: [10.240.100.10]
changed: [10.240.100.20]
 
PLAY RECAP ***********************************************************************************************************************************************************
10.240.100.10              : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
10.240.100.20              : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
10.240.100.30              : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
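
In the run above, "Remove user" reports ok while "Remove SUDO file" reports changed: the account was already gone on all three hosts, but its sudoers drop-in was still in place. The check below is an added example, not part of the original page, that lists what still grants access to an account name after removal. The function name leftover_access, its ROOT prefix argument and the /home/<user> home path are assumptions made for the example, and it only looks at local files.

```shell
#!/bin/sh
# Added example (not from the original page): list what still grants access
# to an account after a removal playbook such as user-remove.yaml has run.
# ROOT is a hypothetical prefix so the check can run against a test tree.

# leftover_access USER ROOT -> one finding per line, no output when clean
leftover_access() {
  user=$1
  root=${2%/}
  # 1. Account entry still present (local /etc/passwd only, no LDAP/SSSD)
  if grep -q "^${user}:" "$root/etc/passwd" 2>/dev/null; then
    echo "passwd: account $user still exists"
  fi
  # 2. Any sudoers drop-in with a rule that starts with the user name
  for f in "$root"/etc/sudoers.d/*; do
    [ -f "$f" ] || continue
    if grep -Eq "^[[:space:]]*${user}[[:space:]]" "$f" 2>/dev/null; then
      echo "sudoers: $f still has a rule for $user"
    fi
  done
  # 3. Key file written by the authorized_key task (assumes /home/<user>)
  if [ -s "$root/home/$user/.ssh/authorized_keys" ]; then
    echo "ssh: $root/home/$user/.ssh/authorized_keys still holds keys"
  fi
  return 0
}

# Constructed test tree: user already deleted, sudoers drop-in left behind,
# the state the hosts were in before the removal run shown above.
demo_root=$(mktemp -d)
trap 'rm -rf "$demo_root"' EXIT
mkdir -p "$demo_root/etc/sudoers.d" "$demo_root/home"
printf 'root:x:0:0:root:/root:/bin/bash\n' > "$demo_root/etc/passwd"
printf 'suporte ALL=(ALL) NOPASSWD:ALL\n' > "$demo_root/etc/sudoers.d/suporte"

leftover_access suporte "$demo_root"
```

On a real host, call `leftover_access suporte /` as root: the drop-ins are mode 0440, so an unprivileged grep cannot read them and the check would silently report nothing.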