From ffe97d8d04aaa20b77641d231b88db060c39faba Mon Sep 17 00:00:00 2001
From: Michael Scherer
Date: Mon, 16 Oct 2017 22:09:24 +0200
Subject: Remove my old ssh key (ROCA attack)
---
 roles/admin_ssh_keys/files/misc.pub | 1 -
 roles/admin_ssh_keys/files/misc_old.pub | 1 +
 roles/admin_ssh_keys/tasks/main.yml | 14 +++++++++++---
 3 files changed, 12 insertions(+), 4 deletions(-)
 create mode 100644 roles/admin_ssh_keys/files/misc_old.pub
diff --git a/roles/admin_ssh_keys/files/misc.pub b/roles/admin_ssh_keys/files/misc.pub
index e8ca85b..93597df 100644
--- a/roles/admin_ssh_keys/files/misc.pub
+++ b/roles/admin_ssh_keys/files/misc.pub
@@ -1,2 +1 @@
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6XHbqNugBD9WlA3R6BZaouVsi6z9aK9aXu13I74zs9XL6DFLBZXlfAkTFPHDwcYbd5PB/0B8+T5AHmGYsBlEJGR8wFm2mUTVLoApmEKIo8m8Lf/M+vQxLOmkIqVvuMCWTb27dmLWVozKD+qtyzMXWsRT3aM6ok5WTFw/FNXM7XTOPxJaUfYexNXCRrNTt29LWc6TxIQUkeaMW/SAzttVwrQizE6Xip6nlOTT0g1yXsNajZAeQnADkmBu5CAjzGV3jsSrvEKIpXHzEVveCHRrgOXQWM7yWGTe3HGkMS9zgOJtHCQi92B/KBSeJksmWibNe5HHjjdhlmQujcHdKP4PR misc@kiora/tpm
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCfmyuxWIl7d4lk+uO7zgwMNRRsRXFZn6XY8XTUxuwAEFWLDk9GpV33E3N4xI4p2a9I00wOjZZRTJN5uNqus03UlbJx8+GW9ixMqPy699klJNYf63cRhEXfX2gTnYLUhLDG+c/xVx2xYje92cYJ8xqgabvj3HQfmX/9oTzPRCVuREFsuh4owjztuE7808fZVl4NcTt8c3wt4KPE3mu+l7zlXFZVhS5IHGQOG3EMojamaolvrVwIn5qAWXyS/wXun0qpzCAFv2HSVl+0dkaBAFEsnfzWZsg2xXMnwbFcYJqRPUWYasogdEL7PTxUKhe7WMXtKjoKRjpt8B167E/kkbC7 misc@kiora/nano
diff --git a/roles/admin_ssh_keys/files/misc_old.pub b/roles/admin_ssh_keys/files/misc_old.pub
new file mode 100644
index 0000000..c625274
--- /dev/null
+++ b/roles/admin_ssh_keys/files/misc_old.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCfmyuxWIl7d4lk+uO7zgwMNRRsRXFZn6XY8XTUxuwAEFWLDk9GpV33E3N4xI4p2a9I00wOjZZRTJN5uNqus03UlbJx8+GW9ixMqPy699klJNYf63cRhEXfX2gTnYLUhLDG+c/xVx2xYje92cYJ8xqgabvj3HQfmX/9oTzPRCVuREFsuh4owjztuE7808fZVl4NcTt8c3wt4KPE3mu+l7zlXFZVhS5IHGQOG3EMojamaolvrVwIn5qAWXyS/wXun0qpzCAFv2HSVl+0dkaBAFEsnfzWZsg2xXMnwbFcYJqRPUWYasogdEL7PTxUKhe7WMXtKjoKRjpt8B167E/kkbC7 misc@kiora/nano
diff --git a/roles/admin_ssh_keys/tasks/main.yml b/roles/admin_ssh_keys/tasks/main.yml
index ea54fbd..f5dd4db 100644
--- a/roles/admin_ssh_keys/tasks/main.yml
+++ b/roles/admin_ssh_keys/tasks/main.yml
@@ -1,8 +1,16 @@
 ---
-- name: install root ssh keys
- authorized_key: user=root
- key="{{ item }}"
+- name: Install root ssh keys
+ authorized_key:
+ user: root
+ key: "{{ item }}"
 with_file:
 - misc.pub
 - quaid.pub
 - duck.pub
+
+- name: Remove old root keys
+ authorized_key:
+ user: root
+ key: "{{ item }}"
+ with_file:
+ - misc_old.pub
-- cgit
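Review bot: The new `Remove old root keys` task at the end of the `tasks/main.yml` hunk sets no `state`, and `authorized_key` defaults to `state: present`, so as written it would add the ROCA-affected key from `misc_old.pub` to root's `authorized_keys` instead of removing it. Add `state: absent` next to `key: "{{ item }}"` in that task. The first task only adds the keys it lists and does not prune others, so hosts that already carry the old key keep it until the second task runs with `state: absent`; checking `/root/.ssh/authorized_keys` on a host after the play would confirm the removal. The key retained in `misc.pub` is labelled `misc@kiora/tpm`; whether it came from affected hardware cannot be told from this diff, so it may deserve the same ROCA check.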