LILiK/lilik_playbook
Playbooks to a new Lilik
Tree: fafcb7151f
lilik_playbook/roles/ssh_server/templates/user_ca.pub.j2 (4 lines, 53 B)
fixup! Give Variable a Scope Refactoring
5 years ago
roles/ssh_server: multi key and OpenSSH v8 support

Add support for OpenSSH v8 (output of `ssh-keygen` changed slightly) in module `ssh_cert` and use a better implementation for multiple user CA.

Now we are reading user_ca from `group_vars/all.yaml`. `user_ca_keys` should be a list of each allowed User CA on one host (in this way it is easier to rotate CAs without reissuing keys to each user at the same time). The production CA must be the first one in the list. Host certificate will be checked only against the first CA and updated if their host key was issued from another CA in the list.

For this reason now we are using a template to create `/etc/ssh/user_ca.pub` on the target, to preserve the key order.

`group_vars/all.yaml.example` has been updated to reflect the new usage.
5 years ago
{% for key in ssh_user_ca %}
{{ key }}
{% endfor %}
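
A check for the file this template renders, added here as an example and not part of the LILiK playbook: it parses a rendered `/etc/ssh/user_ca.pub`, confirms that each line's declared key type matches its blob, rejects duplicates, and returns fingerprints in file order so the first can be compared with the production CA. The names `sample_key`, `render_user_ca`, `fingerprint`, `check_user_ca` and the allowed-type set are assumptions, and the sample keys are constructed.

```python
import base64
import hashlib
import struct

# Key types accepted for a user CA in this check (assumption: adjust to local policy).
ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}

def sample_key(seed, comment):
    """Constructed sample: valid ssh-ed25519 wire layout, arbitrary key bytes."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([seed]) * 32
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"

def render_user_ca(keys):
    """Mirror user_ca.pub.j2: one key per line, list order preserved."""
    return "".join(f"{key}\n" for key in keys)

def fingerprint(blob):
    """SHA256 fingerprint of a key blob, in the form `ssh-keygen -l` prints."""
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode()
    return "SHA256:" + digest.rstrip("=")

def check_user_ca(text):
    """Return (fingerprints in file order, errors) for a rendered user_ca.pub."""
    fingerprints, errors = [], []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank lines and comments
        try:
            blob = base64.b64decode(fields[1], validate=True)
            (size,) = struct.unpack(">I", blob[:4])
            inner = blob[4:4 + size].decode("ascii")
        except (IndexError, ValueError, struct.error):
            errors.append(f"line {n}: missing or malformed key blob")
            continue
        fp = fingerprint(blob)
        if fields[0] not in ALLOWED_TYPES:
            errors.append(f"line {n}: key type {fields[0]} not allowed")
        elif inner != fields[0]:
            errors.append(f"line {n}: declared {fields[0]} but blob is {inner}")
        elif fp in fingerprints:
            errors.append(f"line {n}: duplicate of an earlier CA key")
        else:
            fingerprints.append(fp)
    return fingerprints, errors

if __name__ == "__main__":
    fps, errs = check_user_ca(render_user_ca([sample_key(1, "ca-new"), sample_key(2, "ca-old")]))
    print("production CA:", fps[0], "| errors:", errs)
```

Run against the deployed file, the first returned fingerprint should equal the one `ssh-keygen -l` reports for the production CA's public key.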