public-health-ch/ansible/roles/dev-sec.ssh-hardening/tasks/ca_keys_and_principals.yml

---
- name: Set ssh CA pub keys
  template:
    src: 'trusted_user_ca_keys.j2'
    dest: '{{ ssh_trusted_user_ca_keys_file }}'
    mode: '0644'
    owner: '{{ ssh_owner }}'
    group: '{{ ssh_group }}'
  notify: restart sshd

- name: Create ssh authorized principals directories
  file:
    path: '{{ item.path | dirname }}'
    mode: '{{ item.directorymode | default(0700) }}'
    owner: '{{ item.directoryowner | default(ssh_owner) }}'
    group: '{{ item.directorygroup | default(ssh_group) }}'
    state: directory
  with_items: '{{ ssh_authorized_principals }}'

- name: Set ssh authorized principals
  template:
    src: 'authorized_principals.j2'
    dest: '{{ item.path }}'
    mode: '{{ item.filemode | default(0600) }}'
    owner: '{{ item.owner| default(ssh_owner) }}'
    group: '{{ item.group | default(ssh_group) }}'
  with_items: '{{ ssh_authorized_principals }}'
Updated Ansible roles 2018-12-17 12:50:15 +00:00			`---`
			`- name: Set ssh CA pub keys`
			`template:`
			`src: 'trusted_user_ca_keys.j2'`
			`dest: '{{ ssh_trusted_user_ca_keys_file }}'`
			`mode: '0644'`
			`owner: '{{ ssh_owner }}'`
			`group: '{{ ssh_group }}'`
			`notify: restart sshd`

			`- name: Create ssh authorized principals directories`
			`file:`
			`path: '{{ item.path \| dirname }}'`
			`mode: '{{ item.directorymode \| default(0700) }}'`
			`owner: '{{ item.directoryowner \| default(ssh_owner) }}'`
			`group: '{{ item.directorygroup \| default(ssh_group) }}'`
			`state: directory`
			`with_items: '{{ ssh_authorized_principals }}'`

			`- name: Set ssh authorized principals`
			`template:`
			`src: 'authorized_principals.j2'`
			`dest: '{{ item.path }}'`
			`mode: '{{ item.filemode \| default(0600) }}'`
			`owner: '{{ item.owner\| default(ssh_owner) }}'`
			`group: '{{ item.group \| default(ssh_group) }}'`
			`with_items: '{{ ssh_authorized_principals }}'`