infrastructure/roles/luks_ssh
Saibotk 397156a173
feat!(luks_ssh): Remove all other ssh keys
To do so, we refactored the structure of the `luks_ssh_dracut_authorized_keys` variable to only contain ssh filenames.
2024-08-14 00:53:11 +02:00
..
defaults feat!(luks_ssh): Remove all other ssh keys 2024-08-14 00:53:11 +02:00
files feat(luks_ssh): Update with latest upstream changes 2024-03-10 01:08:00 +01:00
handlers lint: satisfy ansible-lint 2023-04-06 00:27:43 +02:00
meta ansible-lint: Fix various new issues 2022-11-02 21:57:13 +01:00
tasks feat!(luks_ssh): Remove all other ssh keys 2024-08-14 00:53:11 +02:00
templates feat(luks_ssh): Update with latest upstream changes 2024-03-10 01:08:00 +01:00
README.md Initial commit 2020-08-10 01:37:13 +02:00

luks_ssh

This installs the sshd dracut module, which will include sshd in the initramfs and make SSH available on boot. This allows for a remote passphrase input via SSH to unlock the LUKS encrypted root partition.

Files based on commit: a28f695d82

Note: This roughly reflects the changes as of the commit above, but is adjusted to explicitly import network-systemd, if needed (not used with default CentOS 7 instance), and to use a dedicated authorized_keys file, deployed to the module directory instead of the root users keys.

Requirements

A prepared CentOS 7 instance with ifcfg based network config / already configured network settings and a NM_CONTROLLED=no config for the interface, if needed, to prevent the network manager from importing the state (the network config) that was used in the initrd.

Role Variables

Please look at the defaults/main.yml for all available variables and their description.

Note: Lines that are commented out via # are usually still valid/used variables, but they are not defined by default, so they might enable a feature, when uncommenting/defining them!

Dependencies

None

License

GPL-3.0-only