Day three: enhance SSH security in two separate phases. Closes #3
parent
198242e1d5
commit
197ac5d0ef
4 changed files with 166 additions and 0 deletions
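--- a/phase1user.yml
+++ b/phase1user.yml
@@ -0,0 +1,45 @@
+---
+- name: Create admin user
+hosts: UpskillChallengeNode
+
+vars:
+newusername: "tachyon"
+
+vars_prompt:
+- name: "passhash"
+prompt: "Password for the user account"
+private: yes
+encrypt: "sha512_crypt"
+confirm: yes
+
+tasks:
+- name: install sudo
+ansible.builtin.apt:
+package: sudo
+state: present
+
+- name: create user
+ansible.builtin.user:
+name: "{{ newusername }}"
+password: "{{ passhash }}"
+groups:
+- sudo
+state: present
+shell: /bin/bash
+createhome: yes
+
+- name: set public key authentication
+ansible.posix.authorized_key:
+user: "{{ newusername }}"
+key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDjO4ZEQxOZk0IZ1JgRP0AsO6/mIxSB8lojjq+dX2oIH8VTS2UxnwsrKx0DMn+qomUWk4HuYwRwPpWjP68+C+t3hqehhXpdM83YE+favA/VEtbTJnLVf0dq3RPzxuvtYsfpaiYF8/ctEaLAiXIgcpIAf0jOv7FTNADUBLhsV1KbpWneJqKquqroE1e6lCPoU968yWeZkzxCx8VpQ7uBDktJTosLNsm7wEtiKmlSdVE0cYUrNS+/VIoNE2Fr5xjqOlZHFhM5BBlUqqiVxWSpGizr+CGq+xhuOByGtqLgnmvju8oG2KkYhN/5LTMCRtpTwgRmjdU6oA7a8psFyu16iMpupmhPTc0aT3F7X5fiCWOiYDF0VvYNLVYRXzqm9UOy5OI3fCFnvERaheiNEm484OgWm/kUqHQWqlN30Tk9POY022QsDAVKPMCG3kSsAeM1LFsZE1fsleG31g5yicLqgQbw/v2fqGvklT0z5D2uXXuUEqM0aBNSysLWYvChGTfUZtk= john@arecibo
+
+
+- name: grant {{ newusername }} passwordless sudo access
+ansible.builtin.lineinfile:
+path: /etc/sudoers
+regexp: '^%sudo'
+line: "%sudo ALL=(ALL:ALL) NOPASSWD: ALL"
+validate: 'visudo -cf %s'
+
+
+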
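Review bot: The last task rewrites the `%sudo` line in /etc/sudoers to `NOPASSWD: ALL`, which gives every current and future member of the sudo group password-free root, not only `{{ newusername }}` as the task name says. With key-based login configured in the task before it, possession of the SSH private key then becomes the only barrier to root, and the password hash collected through `vars_prompt` no longer gates any privileged action. If passwordless sudo is required for later automation, scope it to the one account in a drop-in under /etc/sudoers.d, validated with the same `visudo -cf %s` check, and leave the distribution's `%sudo` line untouched; otherwise keep the password requirement. The `regexp` line is dropped in the proposal below because the drop-in file holds only this one rule.

```yaml
- name: grant {{ newusername }} passwordless sudo access
  ansible.builtin.lineinfile:
    path: "/etc/sudoers.d/{{ newusername }}"
    line: "{{ newusername }} ALL=(ALL:ALL) NOPASSWD: ALL"
    create: true
    mode: "0440"
    # … unchanged: validate: 'visudo -cf %s' …
```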