diff --git a/deploy/authorized-ssh-keys.txt b/deploy/authorized-ssh-keys.txt new file mode 100644 index 0000000..5f76856 --- /dev/null +++ b/deploy/authorized-ssh-keys.txt @@ -0,0 +1,16 @@ +# These are the SSH public keys that allow a user to log in and setup or deploy. +# +# It's dangerous to add a new key to this file! When you run +# `yarn deploy-setup`, it will copy these keys to the deploy server, which will +# allow the owner of these keys to log into the deploy server in the future. +# +# But the keys themselves aren't necessarily sensitive data, except for the name +# at the end, which might tell a reader about who is allowed to log in and what +# devices they own. +# +# When a computer tries to log in, it perform a cryptographic challenge that +# proves it owns this key - but that requires the *private* key, whereas this is +# the *public* key. That's why it's secure to publish these! + +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID2/yLvpetD14BVK+Zd88ZofOxIfLRdl4FI2pdV+fmy3 Matchu's Desktop (Leviathan) WSL +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCiJ3sc9YUHxsT7YPPQaIheaCW3ff05RpOCp1P9sSWXEXNI4Rh7dMt3Qf04mdv022fcuufNCK/QGGKRG47HPBdshBXUbHExZjVoQjvsD+A+u0zJ0NHiSHcvWGC8BzsSFU8u1Y/FDdsnEnqmk2IPrnOTbVyW9wpzKzRB5SK+IuuAEJvqqoF0z7zZ63jpkh9n5Smcd7lho0YvtwYjJhHgWCRqzxIXqXOcwYB9gterFSbvYOsWtothlSRdPEvBwjKQbinnyBJnLodfvVe2nxAxWKNF7bgXnq7OSIGHrxVOgHmUdMrSXKL+f6TytHNhq1xaTVtCffURZLH0SxDh59CTzS/l4HkRqvMGmozDLh5irtiDkVODbMS++ke395HjyVZp0msFHUHEUpljQSgjj/8WoTtiFmK6saB0qUlEAosUjhSkqwb4Fl8SccSI7txOTNk8r3vgLGAbgRbnodyRXqx5R9DJZM2CELHlrrHWEzMYVTfH+WhiUw6KimWwt1xZ+9IoyKM= Matchu's Laptop (Ebon Hawk) diff --git a/deploy/playbooks/setup.yml b/deploy/playbooks/setup.yml index 1719402..9279d5b 100644 --- a/deploy/playbooks/setup.yml +++ b/deploy/playbooks/setup.yml @@ -4,6 +4,11 @@ vars: email_address: "emi@matchu.dev" # TODO: Extract this to personal config? tasks: + - name: Copy authorized SSH keys + copy: + dest: ~/.ssh/authorized_keys + src: ../authorized-ssh-keys.txt + - name: Disable root SSH login become: yes lineinfile: