https://github.com/lkirkwood/ansible-sshman
Leverages Ansible to manage SSH access via a simple config file.
- Host: GitHub
- URL: https://github.com/lkirkwood/ansible-sshman
- Owner: lkirkwood
- Created: 2022-11-28T00:39:30.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2024-10-04T06:11:58.000Z (about 1 month ago)
- Last Synced: 2024-10-04T06:48:51.212Z (about 1 month ago)
- Topics: ansible, automation, ssh
- Language: Rust
- Homepage:
- Size: 85 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
# ansible-sshman
Write a simple yaml file and let Ansible set up SSH access to your servers.
## Requirements
+ Ansible
+ The `ansible.posix` collection (`ansible-galaxy collection install ansible.posix`)
## How it works
Reads a YAML config file that lists users and the hosts each of them should have access to.
Generates a playbook and either runs it with `ansible-playbook` or writes it to a file.
The playbook creates accounts for each user on the hosts they have access to and adds their listed public keys to their list of authorised keys.
This tool will never delete users or their data. Accounts will be created for users that aren't `blocked`.
### Roles
Users can have one of four possible roles:
+ `blocked` : Cannot log in using [publickey authentication](https://www.ssh.com/academy/ssh/public-key-authentication).
+ `sudoer` : Normal user that can use sudo by entering the password for root. These users have a locked/disabled password.
+ `nopass` : Normal user that can use sudo without entering a password. These users have a locked/disabled password.
+ `superuser` : User with UID 0 — equivalent to root.
### Details
The first play of the playbook contains tasks for creating the `sshman-sudoer` group and authorising members of this group to use sudo with the root password.
After that there is a similar play for creating the `sshman-nopass` group and authorising its members for passwordless sudo.
Next in the playbook will be a play for each user, creating their account on hosts they have access to (unless they are `blocked` - these users will not have accounts created for them).
Finally, a play for each user authorising their respective keys on hosts they have access to — or removing all keys, for `blocked` users.
## Config format
```yaml
- name: Username of user
  pubkeys:
    - Array of
    - public keys
    - the user may use to login.
  access: Ansible group pattern matching hosts this user should have access to.
  role: Controls the privileges a user has on the host. One of the roles listed above.
```
## Usage Help
```
Tool for managing SSH access to machines with Ansible.

Usage: ansible-sshman --config

Commands:
  run    Generates and runs the playbook immediately
  write  Writes the playbook to a file
  help   Print this message or the help of the given subcommand(s)

Options:
  -c, --config   Path to ssh config file
  -h, --help     Print help
  -V, --version  Print version
```
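Because one file decides who gets UID 0 or passwordless sudo, it is worth checking before a `run`. The following is an added example, not part of ansible-sshman: a review check over a config in the format shown under "Config format", flagging the high-privilege roles described under "Roles". The `audit` helper, the wording of its findings and the sample users, keys and host patterns are all assumptions made for illustration.

```ruby
require "yaml"

# Constructed sample config: every name, key and host pattern below is made up.
SAMPLE_CONFIG = <<~YAML
  - name: alice
    pubkeys:
      - ssh-ed25519 AAAAC3EXAMPLEKEYALICE alice@laptop
    access: webservers
    role: sudoer
  - name: bob
    pubkeys:
      - ssh-ed25519 AAAAC3EXAMPLEKEYBOB bob@laptop
    access: all
    role: nopass
  - name: carol
    pubkeys:
      - ssh-ed25519 AAAAC3EXAMPLEKEYALICE carol@desktop
    access: db
    role: superuser
  - name: dave
    pubkeys: []
    access: all
    role: blocked
YAML

ROLES = %w[blocked sudoer nopass superuser].freeze # the four roles the README lists

# Hypothetical review helper: returns a list of findings for a config in the format above.
def audit(yaml_text)
  findings = []
  key_owner = {} # key blob => first user that listed it
  (YAML.safe_load(yaml_text) || []).each do |user|
    name, role = user["name"], user["role"]
    keys = Array(user["pubkeys"])
    findings << "#{name}: unknown role #{role.inspect}" unless ROLES.include?(role)
    findings << "#{name}: superuser is UID 0, equivalent to root" if role == "superuser"
    if role == "nopass" && user["access"] == "all"
      findings << "#{name}: passwordless sudo on every host"
    end
    if role != "blocked" && keys.empty?
      findings << "#{name}: account created but no key authorised"
    end
    keys.each do |key|
      blob = key.split[1] || key # "type blob comment": compare the blob only
      owner = key_owner[blob] ||= name
      findings << "#{name}: shares a public key with #{owner}" unless owner == name
    end
  end
  findings
end

puts audit(SAMPLE_CONFIG) if __FILE__ == $PROGRAM_NAME
```

The shared-key check compares only the base64 blob, so the same key listed under two different comments is still caught.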