Add method to remove inactive SSH keys

Joshua Boniface 2023-09-01 15:42:28 -04:00
parent 25dde4709b
commit ea9fe5570f
2 changed files with 28 additions and 0 deletions


@ -110,6 +110,8 @@ admin_users:
uid: 500
keys:
- "ssh-ed25519 MyKey 2019-06"
removed:
- "ssh-ed25519 ObsoleteKey 2017-01"
# Backup user SSH user keys, for remote backups separate from administrative users (e.g. rsync)
# > Uncomment to activate this functionality.
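Review bot: The new `removed:` list in the `admin_users` example has no comment explaining its purpose, so a reader cannot tell from the sample that it is a revocation list acted on by the role rather than a record of old keys. I would add above it `# Keys listed under "removed" are deleted from authorized_keys on the next run; keep each entry until every host has been run`. It is also worth stating that an entry has to be the same public key that was previously under `keys`, since the removal tasks pass it to `authorized_key` with `state: absent`; presumably a string that matches no deployed key is a silent no-op, which would leave the old key in place without any error.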


@ -838,6 +838,7 @@
authorized_key:
user: "{{ deploy_username }}"
key: "{{ item.1 }}"
state: present
with_subelements:
- "{{ admin_users }}"
- keys
@ -845,6 +846,18 @@
- users
- user-deploy
- name: remove authorized keys
authorized_key:
user: "{{ deploy_username }}"
key: "{{ item.1 }}"
state: absent
with_subelements:
- "{{ admin_users }}"
- removed
tags:
- users
- user-deploy
# admin_users
- name: ensure user exists
user:
@ -890,6 +903,7 @@
authorized_key:
user: "{{ item.0.name }}"
key: "{{ item.1 }}"
state: present
with_subelements:
- "{{ admin_users }}"
- keys
@ -897,6 +911,18 @@
- users
- user-admin
- name: remove authorized keys
authorized_key:
user: "{{ item.0.name }}"
key: "{{ item.1 }}"
state: absent
with_subelements:
- "{{ admin_users }}"
- removed
tags:
- users
- user-deploy
- name: write bashrc to homedir
template:
src: var/home/user/bashrc.j2
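Review bot: The second `remove authorized keys` task (the one with `user: "{{ item.0.name }}"`) is tagged `user-deploy`, while the admin-user task just above it ends with `user-admin`. A run limited to `--tags user-admin` therefore re-applies the current keys but skips the removals, and a revoked key stays in the admin account's authorized_keys; the tag should read `- user-admin`. Both removal loops also iterate `removed` through `with_subelements`, which errors on any `admin_users` entry that lacks that key, and inventories written before this commit will not have it, so add `- skip_missing: true` as a third list item or document `removed: []` as mandatory. A key listed under both `keys` and `removed` ends up removed because the absent task runs second; that is the safe order, but it deserves a one-line comment so the tasks are not reordered later.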