saibotk-de/infrastructure
saibotk-de/infrastructure
1
0
Fork 0
Code Issues Pull requests Releases 42 Activity

!fix(luks_ssh): Add root account SSH unlock

Browse source 
This has to be done, for sshd being able to read the authorized keys. See https://github.com/gsauthof/dracut-sshd/tree/master?tab=readme-ov-file#faq

So we do this here, note that this will remove the root account password if there is one.
This commit is contained in:
saibotk 2024-03-10 00:15:05 +01:00
parent e380fe1932
commit db6f516bee
Signed by: saibotk
GPG key ID: 67585F0065E261D5
1 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
roles/luks_ssh/tasks/main.yml
View file

@ -18,6 +18,13 @@
# You should have received a copy of the GNU General Public License # You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>. # along with this program. If not, see <http://www.gnu.org/licenses/>.
# See https://github.com/gsauthof/dracut-sshd/tree/master?tab=readme-ov-file#faq
- name: Unlock root account for SSH
ansible.builtin.user:
name: root
password: "*" # * means only SSH key login is allowed, this is needed for the initramfs sshd login
become: true
- name: Create dracut extension - name: Create dracut extension
ansible.builtin.file: ansible.builtin.file:
path: "{{ luks_ssh_dracut_ssh_dir }}" path: "{{ luks_ssh_dracut_ssh_dir }}"