Ansible authorized_key module

Copies a public key to the target host to set up passwordless (key-based) SSH login.

Usage template

- name: set authorized key
  authorized_key:
    user: user1
    state: present
    # The key is read from the control node, not from the managed host
    key: "{{ lookup('file', '/home/user1/.ssh/id_rsa.pub') }}"

Modify sudoers and disable root login


# Play: user creation exercise
- name: 创建用户练习
  hosts: all
  vars_files:
    - vars/users_vars.yml
  tasks:
    # Create the user group
    - name: 创建用户组
      group:
        name: webadmin
        state: present

    # Create the users
    - name: 创建用户
      user:
        name: "{{ item.username }}"
        groups: webadmin
      loop: "{{ users }}"

    # Copy each user's public key
    - name: 复制公钥
      authorized_key:
        user: "{{ item.username }}"
        state: present
        key: "{{ lookup('file', 'files/' + item.username + '.key.pub') }}"
      loop: "{{ users }}"

    # Modify sudoers so the webadmin group can sudo without a password
    - name: 修改sudoers以允许webadmin组免密sudo
      copy:
        content: "%webadmin ALL=(ALL) NOPASSWD: ALL"
        dest: /etc/sudoers.d/webadmin
        mode: "0440"

    # Disable remote login for root
    - name: 关闭root的远程登录
      lineinfile:
        dest: /etc/ssh/sshd_config
        regexp: "^PermitRootLogin"
        line: "PermitRootLogin no"
      notify: Restart sshd

  handlers:
    - name: Restart sshd
      service:
        name: sshd
        state: restarted
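
A hardened variant of the key, sudoers and sshd_config tasks above, as an added example that is not the original author's code. It assumes `visudo` and `sshd` live under `/usr/sbin` and reuses the page's `users` variable and `files/<username>.key.pub` layout.

```yaml
# Added example. Assumed binary paths: /usr/sbin/visudo and /usr/sbin/sshd.
- name: Hardened key, sudoers and sshd tasks
  hosts: all
  vars_files:
    - vars/users_vars.yml
  tasks:
    - name: Install each user's public key and remove any other keys
      authorized_key:
        user: "{{ item.username }}"
        state: present
        # exclusive leaves only this key in the user's authorized_keys;
        # it works here because the loop supplies one key per user.
        exclusive: true
        key: "{{ lookup('file', 'files/' + item.username + '.key.pub') }}"
      loop: "{{ users }}"

    - name: Write the sudoers drop-in only if visudo accepts it
      copy:
        content: "%webadmin ALL=(ALL) NOPASSWD: ALL\n"
        dest: /etc/sudoers.d/webadmin
        owner: root
        group: root
        mode: "0440"
        # A syntax error in a sudoers file can break sudo for everyone,
        # so the file is checked before it is moved into place.
        validate: /usr/sbin/visudo -cf %s

    - name: Set PermitRootLogin in the global section of sshd_config
      lineinfile:
        dest: /etc/ssh/sshd_config
        # Also matches the commented-out default, e.g. "#PermitRootLogin ..."
        regexp: '^#?\s*PermitRootLogin\s'
        line: "PermitRootLogin no"
        # If no line matches regexp, insert above the first Match block
        # instead of appending, where the line could land inside a Match block.
        insertbefore: '^Match\s'
        firstmatch: true
        # Refuse to install a configuration that sshd cannot parse.
        validate: /usr/sbin/sshd -t -f %s
      notify: Restart sshd

  handlers:
    - name: Restart sshd
      service:
        name: sshd
        state: restarted
```

Confirm that key-based login works for a webadmin user before the handler restarts sshd with root login disabled. When several lines match `regexp`, lineinfile replaces the last one, so check for a `PermitRootLogin` line inside a `Match` block.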
posted @ 2023-03-17 13:37  liwenchao1995