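---
# Provision a locked-down "autossh-tunnel" account that exists only to hold
# SSH port forwards: key-only login, no shell, no TTY, no agent/X11 forwarding.
# The sshd drop-in is validated before it is written and sshd is reloaded
# afterwards so the Match block actually takes effect on new connections.
- name: Setup autossh-tunnel user for SSH tunneling
  hosts: all
  become: true

  tasks:
    # NOTE(review): this drop-in is only read if the main sshd_config has
    # `Include /etc/ssh/sshd_config.d/*.conf` (the Debian/Ubuntu default);
    # verify for the target distro.
    - name: Create SSH configuration for autossh-tunnel
      ansible.builtin.copy:
        dest: /etc/ssh/sshd_config.d/autossh-tunnel.conf
        content: |
          # Custom autossh-tunnel Settings
          Match User autossh-tunnel
              AllowTcpForwarding yes
              PubkeyAuthentication yes
              PasswordAuthentication no
              AllowAgentForwarding no
              # ForceCommand only fires when a session channel is opened;
              # a client using `ssh -N` opens none, so the forwards keep working.
              ForceCommand /bin/false
              X11Forwarding no
              PermitTTY no
              # Consider adding PermitOpen / PermitListen entries for the
              # specific tunnel endpoints to limit what this key can reach.
        owner: root
        group: root
        mode: '0644'
        # Syntax-check the drop-in before replacing the live file.
        validate: /usr/sbin/sshd -t -f %s
      notify: Reload sshd

    - name: Add autossh-tunnel user
      ansible.builtin.user:
        name: autossh-tunnel
        comment: "autossh-tunnel user"
        uid: 33333
        # NOTE(review): `nogroup` is the Debian/Ubuntu name; RHEL-family
        # hosts use `nobody`. Verify for the target distro.
        group: nogroup
        home: /home/autossh-tunnel
        shell: /bin/false
        create_home: true
        system: true

    # The directory is created with 0700 *before* authorized_keys is written,
    # so the key file never lives in a directory with default umask
    # permissions, even briefly.
    - name: Set permissions for .ssh directory
      ansible.builtin.file:
        path: /home/autossh-tunnel/.ssh
        state: directory
        owner: autossh-tunnel
        group: nogroup
        mode: '0700'

    - name: Setup authorized_keys for autossh-tunnel
      ansible.builtin.blockinfile:
        path: /home/autossh-tunnel/.ssh/authorized_keys
        create: true
        # ssh_pub_key must be supplied by the caller (inventory/extra-vars);
        # the task fails at template time if it is undefined.
        block: |
          {{ ssh_pub_key }} autossh-tunnel
        owner: autossh-tunnel
        group: nogroup
        mode: '0600'

  handlers:
    # sshd passes its parsed configuration to each per-connection child, so
    # a new drop-in is not picked up until the listener is reloaded.
    - name: Reload sshd
      ansible.builtin.service:
        # NOTE(review): the unit is `ssh` on Debian/Ubuntu (recent releases
        # alias it as `sshd`); adjust the name if the target distro differs.
        name: sshd
        state: reloaded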