-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathvars.template.yml
38 lines (36 loc) · 1.43 KB
/
vars.template.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
# vi: nowrap
---
ssh_ca_users:
- name: adeverteuil # Valid POSIX username
comment: Alexandre de Verteuil
ssh_keys:
- key: ecdsa-sha2-nistp256 AAAAE2VjZHNh......2zt4HI= adeverteuil@work-laptop
- key: ssh-rsa AAAAB3NzaC1yc2E......N30aU+jIn adeverteuil@work-laptop
state: absent # Remove this old SSH key
- name: jsmith
comment: John Smith
ssh_keys:
- ...
state: absent # Disabling the user
# You better define this variable in an Ansible Vault
ssh_ca_keypairs:
- name: iweb-sc-01
secret: |
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAwpQh5AdhGSK5/yHjkjjBAT6tdMjeOapLUVUymiEeIxIc2GaI
3ivZ8ZaXX7WzbvSX8vXLw5DzpOHz+oa4gfUyKPePKv/WBKVP5qJrVY2R6AWINowL
[...]
dUBJmynMHRW1DicDedfkjBBQN2y/EOYYjX1nhLyNxPYCaL4fphc+kKHcY3bYubUq
UNB7VFkSAv6FEwFyWJKUlxfPX64btbIVXC71xdZrFkWX9Pwv06gc
-----END RSA PRIVATE KEY-----
public: ssh-rsa AAAAB3NzaC1yc.....TUHN65v iweb-sc-01
ssh_ca_configuration:
use_ca_key: iweb-sc-01 # The name of an ssh_ca_keypairs item
certificate_validity: "-10m:+10m" # -V option for key signing
certificate_options: # Options to add to the signed certificates, if any
- no-port-forwarding
- source-address=1.2.3.4/24,5.6.7.8/24
additional_host_principals: []
# Optional list of additional principal to include in the host
# certificates in case the hostname is different from the DNS name
# used to connect to the ssh-ca.