Added the public keys of knox and buttercup as well

Disabled password logins to harden the system
This commit is contained in:
2021-09-12 18:46:41 +05:30
parent 5bea488181
commit c478290da0
2 changed files with 32 additions and 4 deletions

View File

@ -59,6 +59,33 @@
line: "{{ peitho_key }}"
when: peithokey_test.stdout == "0"
- name: Check Knox public key
shell: "grep -c \"{{ knox_key }}\" /home/pi/.ssh/authorized_keys || true"
register: knoxkey_test
- name: Add Knox public key
lineinfile:
dest: /home/pi/.ssh/authorized_keys
line: "{{ knox_key }}"
when: knoxkey_test.stdout == "0"
- name: Check Buttercup public key
shell: "grep -c \"{{ buttercup_key }}\" /home/pi/.ssh/authorized_keys || true"
register: buttercupkey_test
- name: Add Buttercup public key
lineinfile:
dest: /home/pi/.ssh/authorized_keys
line: "{{ buttercup_key }}"
when: buttercupkey_test.stdout == "0"
- name: Update the sshd config file to disable password logins
replace:
path: /etc/ssh/sshd_config
regexp: '(\s+)#PasswordAuthentication yes(\s+.*)?$'
replace: "\\1PasswordAuthentication no\\2"
backup: yes
- name: Check if .ssh config file exists
stat:
path: /home/pi/.ssh/config
@ -93,7 +120,6 @@
become: yes
become_user: pi
shell: ssh-keygen -t rsa -b 4096 -q -f /home/pi/.ssh/id_rsa -C "pi@{{ hostname }} $(date '+%Y.%m.%d')" -N ""
# shell: ssh-keygen -t rsa -b 4096 -q -f /home/pi/.ssh/id_rsa -C "$(whoami)@$(hostname) $(date '+%Y.%m.%d')" -N ""
- name: Install Docker
shell: curl -sSL https://get.docker.com | sh
@ -136,7 +162,7 @@
state: started
name: knox-redis-tunnel
- name: install knox-redis-tunnel systemd unit file
- name: install gotthard systemd unit file
template:
src: "files/gotthard.service"
dest: "/etc/systemd/system/gotthard.service"