lilik_playbook

Playbooks to a new Lilik

History

Zolfa 1ca9f816d8 roles/ssh_server: multi key and OpenSSH v8 support Add support for OpenSSH v8 (ouput of `ssh-keygen` changed slightly) in module `ssh_cert` and use a better implementation for multiple user CA. Now we are reading user_ca from `group_vars/all.yaml`. `user_ca_keys` should be list of each allowed User CA on one host (in this way is easier to rotate CAs without reissuing keys to each user at the same time). The production CA must be the first one in the list. Host certificate will be checked only against the first CA and updated if their host key was issued from another CA in the list. For this reason now we are using a template to create `/etc/ssh/user_ca.pub` on the target, to preserve the key order. `group_vars/all.yaml.example` has been updated to reflect the new usage.	5 years ago
..
all.yaml.example	roles/ssh_server: multi key and OpenSSH v8 support	5 years ago

roles/ssh_server: multi key and OpenSSH v8 support

Add support for OpenSSH v8 (ouput of `ssh-keygen` changed slightly) in
module `ssh_cert` and use a better implementation for multiple user CA.

Now we are reading user_ca from `group_vars/all.yaml`.
`user_ca_keys` should be list of each allowed User CA on one host (in
this way is easier to rotate CAs without reissuing keys to each user at
the same time).
The production CA must be the first one in the list. Host certificate
will be checked only against the first CA and updated if their host key
was issued from another CA in the list.

For this reason now we are using a template to create
`/etc/ssh/user_ca.pub` on the target, to preserve the key order.

`group_vars/all.yaml.example` has been updated to reflect the new usage.

5 years ago

all.yaml.example

roles/ssh_server: multi key and OpenSSH v8 support

5 years ago