added steps to secure Authentication w/o Password

f911c789 · therojam · f92cc6f3 · f911c789 · f911c789 · f911c789
Commit f911c789 authored 3 years ago by therojam
--- a/README.md
+++ b/README.md
@@ -39,11 +39,16 @@ yunohost:
      firstname: Jane
      lastname: Doe
      domain: {{ domain }} 
-    - name: user1 # user which uses the first extra_domain for its account
+    - name: user2 # user which uses the first extra_domain for its account
      pass: p@ssw0rd
-      firstname: Jane
+      firstname: John 
      lastname: Doe
      domain: {{ extra_domain.[1] }} 
+  admin_users: 
+    - name: admin # user generated by yunohost as its admin user  
+      key: ssh-rsa ... # key for admin user 
+    - name: user1 # user generated by yunohost and defined by you  
+      key: ssh-rsa ... # key for  
 ```

 Dependencies

--- a/default/main.yml
+++ b/default/main.yml
@@ -6,3 +6,4 @@ yunohost:
  ignore_dyndns: False
  apps: ~
  users: ~
+  admin_users: 
--- a/tasks/admin_users.yml
+++ b/tasks/admin_users.yml
+---
+- name: add sshkey for admin user:
+  ansible.posix.authorized_key:
+    user: "{{ item.name }}"
+    state: present
+    key: "{{ item.key }}"
+  loop: "{{ yunohost.admin_users }}"
+
+- name: Disable Password Authentication for ssh.usage
+  ansible.builtin.replace:
+    path: /etc/ssh/sshd_config
+    regex: PasswordAuthentication
+    replace: 'PasswordAuthentication no\1' 
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -45,6 +45,10 @@
  ansible.builtin.include: users.yml
  when: yunohost.users

+- name: Add ssh for admin user
+  ansible.builtin.include: admin_users.yml
+  when: yunohost.admin_users is defined
+
 - name: Install apps
  ansible.builtin.include: apps.yml
  when: yunohost.apps