gw1: Enable pam_ssh_agent_auth for sudo

This machine is _not_ a member of the _pyrocufflink.blue_ AD domain, so
it does not inherit the settings from that group.  Also, Jenkins does
not manage it, so only my personal keys are authorized.
2024-01-28 12:15:18 -06:00
parent 6bad6dcb7a
commit 1bff9b2649


@@ -13,3 +13,11 @@ nut_monitor_password: !vault |
3866663235393232320a386230346639643836623063373634383966663334626136313234333435
33313038643935343635366365626630613365316233393536373232616563396636323064366631
3734346263623832396439386463323430323437643537623262
sudo_use_pam_ssh_agent: true
sudo_authorized_ssh_keys: |
sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIF4yQAS0bAQ9Ymxgxv828MsX0z4ff/Fs//0PQOtPexRJAAAABHNzaDo= dustin@rosalina.pyrocufflink.blue
sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAINal4+Gn/KuyP6YTsQuW4cphfDcjrS428osVIqnqMfagAAAABHNzaDo= dustin@luma.pyrocufflink.blue
# Default flags include -n, which makes Ansible complain about a "missing
# become password," even though it would never actually prompt for one.
ansible_become_flags: -H
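Review bot: The comment above `ansible_become_flags: -H` explains why `-n` is dropped but not what is lost with it. Without `-n`, sudo is allowed to prompt, so if agent authentication fails (no forwarded agent, or neither listed key available) the become step may sit at a prompt nobody answers until Ansible's timeout rather than failing at once; whether it does depends on the rest of the PAM stack, which is not visible here. I would extend the comment with a line such as `# Without -n, a failed agent auth can hang at a password prompt until the task times out.` Separately, `sudo_authorized_ssh_keys` is effectively the list of who can become root on this host, so it is worth confirming that the role consuming it (outside this hunk) writes the key file root-owned and not writable by the login user. Quoting the value as `'-H'` would also make it unambiguously a string.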