Add SSH keys to deploy-setup

This helps me set up new devices, while still keeping passworded SSH access locked down!
This commit is contained in:
Emi Matchu 2021-11-12 20:14:44 -08:00
parent 30d582a9c4
commit 07d54b9a9e
2 changed files with 21 additions and 0 deletions

View file

@ -0,0 +1,16 @@
# These are the SSH public keys that allow a user to log in and setup or deploy.
#
# It's dangerous to add a new key to this file! When you run
# `yarn deploy-setup`, it will copy these keys to the deploy server, which will
# allow the owner of these keys to log into the deploy server in the future.
#
# But the keys themselves aren't necessarily sensitive data, except for the name
# at the end, which might tell a reader about who is allowed to log in and what
# devices they own.
#
# When a computer tries to log in, it perform a cryptographic challenge that
# proves it owns this key - but that requires the *private* key, whereas this is
# the *public* key. That's why it's secure to publish these!
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID2/yLvpetD14BVK+Zd88ZofOxIfLRdl4FI2pdV+fmy3 Matchu's Desktop (Leviathan) WSL
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCiJ3sc9YUHxsT7YPPQaIheaCW3ff05RpOCp1P9sSWXEXNI4Rh7dMt3Qf04mdv022fcuufNCK/QGGKRG47HPBdshBXUbHExZjVoQjvsD+A+u0zJ0NHiSHcvWGC8BzsSFU8u1Y/FDdsnEnqmk2IPrnOTbVyW9wpzKzRB5SK+IuuAEJvqqoF0z7zZ63jpkh9n5Smcd7lho0YvtwYjJhHgWCRqzxIXqXOcwYB9gterFSbvYOsWtothlSRdPEvBwjKQbinnyBJnLodfvVe2nxAxWKNF7bgXnq7OSIGHrxVOgHmUdMrSXKL+f6TytHNhq1xaTVtCffURZLH0SxDh59CTzS/l4HkRqvMGmozDLh5irtiDkVODbMS++ke395HjyVZp0msFHUHEUpljQSgjj/8WoTtiFmK6saB0qUlEAosUjhSkqwb4Fl8SccSI7txOTNk8r3vgLGAbgRbnodyRXqx5R9DJZM2CELHlrrHWEzMYVTfH+WhiUw6KimWwt1xZ+9IoyKM= Matchu's Laptop (Ebon Hawk)

View file

@ -4,6 +4,11 @@
vars: vars:
email_address: "emi@matchu.dev" # TODO: Extract this to personal config? email_address: "emi@matchu.dev" # TODO: Extract this to personal config?
tasks: tasks:
- name: Copy authorized SSH keys
copy:
dest: ~/.ssh/authorized_keys
src: ../authorized-ssh-keys.txt
- name: Disable root SSH login - name: Disable root SSH login
become: yes become: yes
lineinfile: lineinfile: