
Setup SSH Key and initial user using Ansible Playbook

In this post we create an initial admin user on every host, install that user's SSH public key, and turn off password and root logins over SSH, all from one Ansible playbook.

To create a new user on an Ubuntu system this way, you need the following:

  1. A username and a password (the playbook takes the password as a SHA-512 crypt hash, never in plain text)
  2. The public SSH key of that user
  3. You first create the user on one machine; this can be your local workstation, which acts as the Ansible control node
  4. Generate an SSH key pair for that user there
  5. Put the user's public key into authorized_keys on every remote host
  6. Give the user sudo rights through a drop-in file under /etc/sudoers.d

Then we disable password authentication on all the remote hosts. After that no user, root included, can log in with a password; only SSH keys are accepted. Confirm that key-based login works for the new user before you apply this step, or you will lock yourself out of the hosts.

Steps (on the control node):

  1. Become root: sudo -s
  2. useradd -m -s /bin/bash devops
     passwd devops
  3. echo 'devops ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/devops
  4. Hash your password. Ansible's user module expects a crypt-style hash in the password field, not the plain-text password.
  5. apt install whois -y   (the package that provides mkpasswd)
  6. mkpasswd --method=SHA-512
     Type the password 'devops' at the prompt. The output, which starts with $6$, is the value to use for devops_password in the playbook below.

Generate a new SSH key pair

  1. Log in as the devops user
  2. ssh-keygen -t rsa

This generates the private key /home/devops/.ssh/id_rsa and the public key /home/devops/.ssh/id_rsa.pub for the devops user. The private key stays on the control node; give it a passphrase. Only the public key is copied to the remote hosts.

Now we add this public key to all the remote hosts, create the devops user there, and harden sshd.

Create an Ansible playbook "add-devops-user-ssh.yml":

---
- hosts: all
  gather_facts: no
  remote_user: ubuntu
  become: true
  vars:
    # SHA-512 crypt hash produced by mkpasswd (starts with $6$), NOT the plain password.
    # Keep the real value out of version control: use ansible-vault or pass it with -e.
    devops_password: 'abcddefsfdfdfdfdfdfdfdfdfdfd'
  tasks:
    - name: Add a new user named devops
      user:
        name: devops
        shell: /bin/bash
        password: "{{ devops_password }}"

    - name: Add devops user to the sudoers
      copy:
        dest: /etc/sudoers.d/devops
        content: "devops  ALL=(ALL)  NOPASSWD: ALL\n"   # sudoers files need a trailing newline
        owner: root
        group: root
        mode: '0440'
        validate: 'visudo -cf %s'   # a syntax error here would break sudo for everyone

    - name: Deploy SSH key
      authorized_key:
        user: devops
        key: "{{ lookup('file', '/home/devops/.ssh/id_rsa.pub') }}"   # file is read on the control node
        state: present

    - name: Disable password authentication
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?PasswordAuthentication'   # also replaces the commented-out default line
        line: 'PasswordAuthentication no'
        backup: yes
        validate: '/usr/sbin/sshd -t -f %s'   # refuse a config sshd cannot parse
      notify: restart ssh

    - name: Disable root login
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?PermitRootLogin'
        line: 'PermitRootLogin no'
        backup: yes
        validate: '/usr/sbin/sshd -t -f %s'
      notify: restart ssh

  handlers:
    - name: restart ssh
      service:
        name: ssh   # the unit is "ssh" on Debian/Ubuntu ("sshd" on RHEL-family systems)
        state: restarted

Both sshd_config tasks notify the handler, so the daemon is restarted whenever either setting changes, and validate stops the play if the edited file would not parse.

Run the playbook

ansible-playbook add-devops-user-ssh.yml -i hosts

Validate that password authentication is disabled

$ ssh servername -o PubkeyAuthentication=no

You should get "Permission denied (publickey)." Repeat the same check for root@servername: it must fail too now that PermitRootLogin is off. Keep your existing session open until a key-based login as devops has succeeded from a second terminal.
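One caveat the ssh test alone does not catch: sshd_config(5) takes the first value read for each keyword and ignores later ones, and an Include directive is expanded in place with its glob matches in sorted order. Ubuntu 22.04 and newer images begin /etc/ssh/sshd_config with Include /etc/ssh/sshd_config.d/*.conf, so a drop-in in that directory silently overrides whatever lineinfile sets further down in the main file. The script below is an added example, not part of the original post or of Ansible: it resolves a setting the way sshd does over a constructed stand-in for /etc/ssh (the drop-in names 50-cloud-init.conf and 00-hardening.conf and their contents are constructed for the demo), shows the override, and shows the fix, which is to manage a drop-in that sorts first. Match blocks are not modelled; on a real host the authoritative check is sudo sshd -T piped through grep for passwordauthentication and permitrootlogin.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): resolve sshd settings the way
# sshd itself does. Two rules from sshd_config(5) matter:
#   * for each keyword the FIRST value read wins, later ones are ignored;
#   * `Include` is expanded in place, glob matches taken in sorted order.
# Simplification: Match blocks are not modelled. On a real host use
#   sudo sshd -T | grep -iE '^(passwordauthentication|permitrootlogin)'
set -eu

# Print "keyword value" lines (keyword lower-cased) with Includes expanded,
# comments and blank lines dropped, in the order sshd would read them.
flatten_sshd_config() {
  local file=$1 line key pat inc
  while IFS= read -r line || [ -n "$line" ]; do
    line=${line%%#*}                 # strip comments
    set -f; set -- $line; set +f     # word-split without globbing
    if [ $# -eq 0 ]; then continue; fi
    key=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]'); shift
    if [ "$key" = include ]; then
      for pat in "$@"; do
        for inc in $pat; do          # glob expansion on purpose; results are sorted
          if [ -f "$inc" ]; then flatten_sshd_config "$inc"; fi
        done
      done
    else
      printf '%s %s\n' "$key" "$*"
    fi
  done <"$file"
  return 0
}

# Effective value of one keyword: the first match after flattening, or empty.
effective_sshd_setting() {
  local key
  key=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
  flatten_sshd_config "$1" | awk -v k="$key" '$1 == k { $1 = ""; sub(/^ /, ""); print; exit }'
}

# Constructed stand-in for /etc/ssh after the playbook ran: the main file says
# "no", but a cloud-image style drop-in (constructed here) says "yes".
make_demo_tree() {
  local root
  root=$(mktemp -d)
  mkdir -p "$root/sshd_config.d"
  printf 'Include %s/sshd_config.d/*.conf\nPasswordAuthentication no\nPermitRootLogin no\n' \
    "$root" >"$root/sshd_config"
  printf 'PasswordAuthentication yes\n' >"$root/sshd_config.d/50-cloud-init.conf"
  printf '%s\n' "$root"
}

# Fix: manage a drop-in that sorts before 50-cloud-init.conf so it is read first.
# (In the playbook this would be a copy task to /etc/ssh/sshd_config.d/00-hardening.conf
# with the same validate and notify as the lineinfile tasks.)
write_hardening_dropin() {
  printf 'PasswordAuthentication no\nPermitRootLogin no\n' >"$1/sshd_config.d/00-hardening.conf"
}

demo_root=$(make_demo_tree)
echo "before drop-in: PasswordAuthentication=$(effective_sshd_setting "$demo_root/sshd_config" PasswordAuthentication)"
write_hardening_dropin "$demo_root"
echo "after drop-in:  PasswordAuthentication=$(effective_sshd_setting "$demo_root/sshd_config" PasswordAuthentication)"
rm -rf "$demo_root"
```

Run it as-is; the first line reports yes (the cloud drop-in wins over the main file), the second reports no once 00-hardening.conf exists. If your hosts' sshd_config contains an Include line, manage the hardening settings in such a drop-in rather than relying on lineinfile alone.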
