From ce0dac983fe1e05e873e6d7aa59b89c87218b324 Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Sat, 16 Oct 2021 15:40:20 -0500 Subject: [PATCH] pyrocufflink: Set root password and SSH keys 1. Set a password for *root* on all machines (useful for logging in via serial console if network is down) 2. Set an authorized SSH key for root on all machines: * For Fedora 34, use my FIDO2 security token key * For all other hosts, use my ED25519 key --- group_vars/pyrocufflink/main.yml | 7 +++++++ group_vars/pyrocufflink/root-password | 15 +++++++++++++++ 2 files changed, 22 insertions(+) create mode 100644 group_vars/pyrocufflink/root-password diff --git a/group_vars/pyrocufflink/main.yml b/group_vars/pyrocufflink/main.yml index 44fba34..48d81bb 100644 --- a/group_vars/pyrocufflink/main.yml +++ b/group_vars/pyrocufflink/main.yml @@ -4,3 +4,10 @@ samba_use_winbind: true pam_winbind: true nss_winbind: true pam_mkhomedir: true + +root_authorized_keys: >- + {% if ansible_distribution == "Fedora" and ansible_distribution_version|int >= 34 %} + sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAINZCN2cxMDwedJ1Ke23Z3CZRcOYjqW8fFqsooRus7RK0AAAABHNzaDo= dustin@rosalina.pyrocufflink.blue + {% else %} + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJsL5fSylmiJmBtW0DH/viAAmtU2E/2M17GPvysiyRs+ dustin@rosalina + {% endif %} diff --git a/group_vars/pyrocufflink/root-password b/group_vars/pyrocufflink/root-password new file mode 100644 index 0000000..74957a3 --- /dev/null +++ b/group_vars/pyrocufflink/root-password @@ -0,0 +1,15 @@ +$ANSIBLE_VAULT;1.1;AES256 +61356562653238383736396230336365316334303632343731303938326232336566653863376332 +3533306661663236613836643137656339633534653732340a303636616465616563353530373738 +31303965383836653831366632323366356631303436323132613731326534393730373036363761 +3532633438353364650a356137383232316131653638383465616337373139396266316633343930 +39356137363036663536646436363135353431396433366163666664376164353838316466653165 +61343738326232393366646361383263633532613630663835623365616233646634373432343731 +39353462643438316636353539353035323639623031346665646437636366363637383530343034 +65346538363733303339313130613639663566396435336564326432333461323332336239323435 +62336166386431383936306664663163373939316433373233643134303438656137303735656434 +33343438653733663238316134393632376666306530376464616535623732363162396634623963 +66616534636439343135313630643735623063376231393961643961356231303536626361383636 +31386131353836333432376461343736653964393030656135333337393966363136613438663439 +66316363393334666336623736613437616637306235656532366231623666313332343665616561 +3835633439353139626438663263343865383863663832623437