https://github.com/carlossemeao/ansible-control-node
Ansible control node with hardened SSH, Tailscale VPN, and key-only remote access
access-control ansible automation devsecops hardened linux node ssh tailscale vpn
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/carlossemeao/ansible-control-node
- Owner: CarlosSemeao
- Created: 2025-05-30T15:06:58.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2026-04-13T19:48:11.000Z (3 months ago)
- Last Synced: 2026-04-18T13:35:20.931Z (3 months ago)
- Topics: access-control, ansible, automation, devsecops, hardened, linux, node, ssh, tailscale, vpn
- Homepage:
- Size: 5.86 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# Ansible - Hardened SSH / Remote Access Automation
- SSH
- Tailscale
- System lockdown
---
## Remote SSH Access via Tailscale
- Password login disabled
- Custom SSH port
- Key access
- Device control
- Root login disabled
- fail2ban active
- Logs synced
- SSH logs
---
## Tools
- **Tailscale** – VPN
- **OpenSSH (ED25519)** – hardened authentication
- **macOS + Fedora** – dev and control environment
---
## Ansible
- Creation of a secure user: `sysops`
- SSH key setup for MacBook login
- SSH daemon hardening (`sshd_config`)
- Safe restart of SSH service using `systemctl`
- Backup of original SSH configuration
---
## Project Matters
- Remote sysadmin and IaaC workflow
- Onboarding for secure users
- Replicable across systems, cloud instances and physical machines
---
## End Devices (Tailscale)
- **macOS** (admin terminal)
- **Fedora** (Ansible control)
- **Phone** (remote client w/ key authentication)