[base-security] Remove root authorized keys

2019-07-30 12:04:56 +02:00 · 2019-07-30 12:04:56 +02:00 · dfaa2a9313
parent bb4d0a6695
commit dfaa2a9313
3 changed files with 10 additions and 8 deletions
--- a/base.yml
+++ b/base.yml
@ -19,6 +19,7 @@
      - silice.adm.crans.org
  roles:
    - debian-apt-sources
+    - common-security
    - common-tools
    - rsync-client
    - ntp-client
--- a/roles/common-security/tasks/main.yml
+++ b/roles/common-security/tasks/main.yml
@ -0,0 +1,9 @@
+---
+- name: Delete authorized SSH keys for root account
+  file:
+    path: "{{ item }}"
+    state: absent
+  loop:
+    - /root/.ssh/authorized_keys
+    - /root/.ssh/authorized_keys2
+
--- a/roles/ldap-client/tasks/main.yml
+++ b/roles/ldap-client/tasks/main.yml
@ -36,11 +36,3 @@
    dest: /etc/pam.d/common-account
    regexp: 'pam_mkhomedir\.so'
    line: "session required pam_mkhomedir.so skel=/etc/skel/ umask=0077"
-
-# If LDAP crashes
- name: Install SSH keys for root account
-  authorized_key:
-    user: root
-    key: "{{ ssh_pub_keys }}"
-    state: present
-    exclusive: true