Skip to content

Ansible/BigSudo role to secure an SSH server and add users. Perfect for being the first command to run against a fresh server.

Notifications You must be signed in to change notification settings

yourlabs/yourlabs.ssh

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

yourlabs.ssh

Ansible/BigSudo role to secure an SSH server and add users.

This role is particularily important because it's default behaviour is to setup the remote host for easy further ansible/bigsudo calls.

Perfect for being the first command to run against a fresh server

First touch of a server

For example with Online.Net (my favority host since 2005, best bandwidth that I know of), I get a host ip with a user password and a root password and some OS that I have choosen.

Before doing any Ansible job conveniently, the server needs to have my $USER with my key (take it from github), sudo: ALL, forbid sshd password login, and of course python but bigsudo deals with that last part by itself.

I will run this command:

bigsudo yourlabs.ssh user@host --become-method=su --ask-become-pass

And then to add a friend that doesn't have a github key:

bigsudo yourlabs.ssh adduser username=jimi key=https://yourlabs.io/hendrix.keys sudos='["ALL"]' --become -v @host

Other examples

Example usages:

# configure ssh as sudo, will add a sudo group with passwordless sudo
bigsudo yourlabs.ssh user@host -v

# add a user with its github ssh keys with passwordless sudo
bigsudo yourlabs.ssh user@host adduser username=jpic usergroups=sudo

# add a user with a specific keys from a url
bigsudo yourlabs.ssh user@host adduser username=jpic key=https://yourlabs.io/jpic.keys

Vagrant/VirtualBox

You can work in a VM if you have vagrant:

cd yourlabs.ssh
vagrant destroy -f && vagrant up
vagrant ssh-config > ssh
bigsudo . --ssh-common-args="-F ssh" @default -v

About

Ansible/BigSudo role to secure an SSH server and add users. Perfect for being the first command to run against a fresh server.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published