Archives
/
algo
mirror of https://github.com/trailofbits/algo
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
dependabot/pip/ansible-9.4.0
dependabot/github_actions/actions/setup-python-5.1.0
fix/14704
dependabot/pip/jinja2-approx-eq-3.1.3
v1.1
v1.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '35faf4bca7'
${ noResults }
algo/roles/ssh_tunneling/tasks/main.yml

70 lines
2.1 KiB
YAML
Raw Blame History

---
- set_fact:
IP_subject_alt_name: "{{ IP_subject_alt_name }}"
- name: Ensure that the sshd_config file has desired options
blockinfile:
dest: /etc/ssh/sshd_config
marker: '# ANSIBLE_MANAGED_ssh_tunneling_role'
block: |
Match Group algo
AllowTcpForwarding local
AllowAgentForwarding no
AllowStreamLocalForwarding no
PermitTunnel no
X11Forwarding no
notify:
- restart ssh
- name: Ensure that the algo group exist
group: name=algo state=present
- name: Ensure that the jail directory exist
file: path=/var/jail/ state=directory mode=0755 owner=root group=root
- name: Ensure that the SSH users exist
user:
name: "{{ item }}"
groups: algo
home: '/var/jail/{{ item }}'
createhome: yes
generate_ssh_key: yes
shell: /bin/false
ssh_key_type: rsa
ssh_key_bits: 2048
ssh_key_comment: '{{ item }}@{{ IP_subject_alt_name }}'
ssh_key_passphrase: "{{ easyrsa_p12_export_password }}"
state: present
append: yes
with_items: "{{ users }}"
- name: The authorized keys file created
file:
src: '/var/jail/{{ item }}/.ssh/id_rsa.pub'
dest: '/var/jail/{{ item }}/.ssh/authorized_keys'
owner: "{{ item }}"
group: "{{ item }}"
state: link
with_items: "{{ users }}"
- name: Generate SSH fingerprints
shell: >
ssh-keyscan {{ IP_subject_alt_name }} 2>/dev/null
register: ssh_fingerprints
- name: The known_hosts file created
template: src=known_hosts.j2 dest=/root/.ssh/{{ IP_subject_alt_name }}_known_hosts
- name: Fetch users SSH private keys
fetch: src='/var/jail/{{ item }}/.ssh/id_rsa' dest=configs/{{ IP_subject_alt_name }}/{{ IP_subject_alt_name }}_{{ item }}.ssh.pem flat=yes
with_items: "{{ users }}"
- name: Change mode for SSH private keys
local_action: file path=configs/{{ IP_subject_alt_name }}/{{ IP_subject_alt_name }}_{{ item }}.ssh.pem mode=0600
with_items: "{{ users }}"
become: false
- name: Fetch the known_hosts file
fetch: src='/root/.ssh/{{ IP_subject_alt_name }}_known_hosts' dest=configs/{{ IP_subject_alt_name }}/{{ IP_subject_alt_name }}_known_hosts flat=yes
Reference in New Issue View Git Blame Copy Permalink