Add SSH keys to deploy-setup
This helps me set up new devices, while still keeping passworded SSH access locked down!
This commit is contained in:
parent
30d582a9c4
commit
07d54b9a9e
2 changed files with 21 additions and 0 deletions
16
deploy/authorized-ssh-keys.txt
Normal file
16
deploy/authorized-ssh-keys.txt
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
# These are the SSH public keys that allow a user to log in and setup or deploy.
|
||||||
|
#
|
||||||
|
# It's dangerous to add a new key to this file! When you run
|
||||||
|
# `yarn deploy-setup`, it will copy these keys to the deploy server, which will
|
||||||
|
# allow the owner of these keys to log into the deploy server in the future.
|
||||||
|
#
|
||||||
|
# But the keys themselves aren't necessarily sensitive data, except for the name
|
||||||
|
# at the end, which might tell a reader about who is allowed to log in and what
|
||||||
|
# devices they own.
|
||||||
|
#
|
||||||
|
# When a computer tries to log in, it perform a cryptographic challenge that
|
||||||
|
# proves it owns this key - but that requires the *private* key, whereas this is
|
||||||
|
# the *public* key. That's why it's secure to publish these!
|
||||||
|
|
||||||
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID2/yLvpetD14BVK+Zd88ZofOxIfLRdl4FI2pdV+fmy3 Matchu's Desktop (Leviathan) WSL
|
||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCiJ3sc9YUHxsT7YPPQaIheaCW3ff05RpOCp1P9sSWXEXNI4Rh7dMt3Qf04mdv022fcuufNCK/QGGKRG47HPBdshBXUbHExZjVoQjvsD+A+u0zJ0NHiSHcvWGC8BzsSFU8u1Y/FDdsnEnqmk2IPrnOTbVyW9wpzKzRB5SK+IuuAEJvqqoF0z7zZ63jpkh9n5Smcd7lho0YvtwYjJhHgWCRqzxIXqXOcwYB9gterFSbvYOsWtothlSRdPEvBwjKQbinnyBJnLodfvVe2nxAxWKNF7bgXnq7OSIGHrxVOgHmUdMrSXKL+f6TytHNhq1xaTVtCffURZLH0SxDh59CTzS/l4HkRqvMGmozDLh5irtiDkVODbMS++ke395HjyVZp0msFHUHEUpljQSgjj/8WoTtiFmK6saB0qUlEAosUjhSkqwb4Fl8SccSI7txOTNk8r3vgLGAbgRbnodyRXqx5R9DJZM2CELHlrrHWEzMYVTfH+WhiUw6KimWwt1xZ+9IoyKM= Matchu's Laptop (Ebon Hawk)
|
|
@ -4,6 +4,11 @@
|
||||||
vars:
|
vars:
|
||||||
email_address: "emi@matchu.dev" # TODO: Extract this to personal config?
|
email_address: "emi@matchu.dev" # TODO: Extract this to personal config?
|
||||||
tasks:
|
tasks:
|
||||||
|
- name: Copy authorized SSH keys
|
||||||
|
copy:
|
||||||
|
dest: ~/.ssh/authorized_keys
|
||||||
|
src: ../authorized-ssh-keys.txt
|
||||||
|
|
||||||
- name: Disable root SSH login
|
- name: Disable root SSH login
|
||||||
become: yes
|
become: yes
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
|
Loading…
Reference in a new issue