Chief among the institute's master secrets is the SSH key authorized
to access privileged accounts on /all/ of the institute servers. It
-is stored in [[file:Secret/ssh_admin/id_rsa][=Secret/ssh_admin/id_rsa=]]. The complete list of the
+is stored in [[file:Secret/ssh_admin/id_rsa][=Secret/ssh_admin/id_ed25519=]]. The complete list of the
institute's SSH keys:
- [[file:Secret/ssh_admin/][=Secret/ssh_admin/=]] :: The SSH key pair for A Small Institute
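Review bot: The new line changes only the link's display text; its target is still `file:Secret/ssh_admin/id_rsa`, a file this same commit deletes, so the link now points at nothing. Update the target together with the label, `[[file:Secret/ssh_admin/id_ed25519][=Secret/ssh_admin/id_ed25519=]]`. The rest of this key list continues below the hunk and may carry the same stale target.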
file, copied it to the droplet, and installed it as the
=authorized_keys= for ~sysadm~.
-: notebook$ cat ~/.ssh/id_rsa.pub Secret/ssh_admin/id_rsa.pub \
+: notebook$ cat ~/.ssh/id_ed25519.pub \
+: notebook_ Secret/ssh_admin/id_ed25519.pub \
: notebook_ > admin_keys
: notebook$ scp admin_keys sysadm@159.65.75.60:
: The authenticity of host '159.65.75.60' can't be established.
=admin_keys= file, copied it to Core, and installed it as the
=authorized_keys= for ~sysadm~.
-: notebook$ cat ~/.ssh/id_rsa.pub Secret/ssh_admin/id_rsa.pub \
+: notebook$ cat ~/.ssh/id_ed25519.pub \
+: notebook_ Secret/ssh_admin/id_ed25519.pub \
: notebook_ > admin_keys
: notebook$ scp admin_keys sysadm@core.lan:
: The authenticity of host 'core.lan' can't be established.
=admin_keys= file, copied it to Gate, and installed it as the
=authorized_keys= for ~sysadm~.
-: notebook$ cat ~/.ssh/id_rsa.pub Secret/ssh_admin/id_rsa.pub \
+: notebook$ cat ~/.ssh/id_ed25519.pub \
+: notebook_ Secret/ssh_admin/id_ed25519.pub \
: notebook_ > admin_keys
: notebook$ scp admin_keys sysadm@gate.lan:
: The authenticity of host 'gate.lan' can't be established.
- name: Authorize monkey@core.
become: yes
- vars:
- pubkeyfile: ../Secret/ssh_monkey/id_rsa.pub
authorized_key:
user: monkey
- key: "{{ lookup('file', pubkeyfile) }}"
+ key: "{{ lookup('file', '../Secret/ssh_monkey/id_ed25519.pub') }}"
manage_dir: yes
- name: Add {{ ansible_user }} to monkey group.
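Review bot: The new `key:` line authorizes monkey's ed25519 key but nothing revokes the RSA key it replaces, so on a Core provisioned before this commit `monkey`'s `authorized_keys` keeps both entries, and the retired RSA private key is still recoverable from this repository's history (its removal is visible further down in the diff). The rotation is only complete once the old key is removed: either a companion `authorized_key` task carrying the retired public key with `state: absent`, or `exclusive: true` on this task if the ed25519 key is meant to be monkey's only authorized key — which of the two is right depends on whether monkey has other keys, which is not visible here. Note that the commit also deletes `Secret/ssh_monkey/id_rsa.pub`, so a removal task can no longer read the old key from the file tree and would have to carry it inline. The same applies to the tangled copy of this task near the end of the diff.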
owner: monkey
group: monkey
loop:
- - { name: config, mode: "u=rw,g=r,o=" }
- - { name: id_rsa.pub, mode: "u=rw,g=r,o=r" }
- - { name: id_rsa, mode: "u=rw,g=,o=" }
+ - { name: config, mode: "u=rw,g=r,o=" }
+ - { name: id_ed25519.pub, mode: "u=rw,g=r,o=r" }
+ - { name: id_ed25519, mode: "u=rw,g=,o=" }
- name: Configure Monkey SSH known hosts.
become: yes
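Review bot: The new `loop` installs `id_ed25519` and `id_ed25519.pub` but leaves any `id_rsa`/`id_rsa.pub` placed by the previous version of this task where they are, so on an already-provisioned Core the retired private key stays on disk next to the new one. A `file:` task with `state: absent` for those two names in the same directory would finish the rotation. The task that owns this `loop` begins above the hunk, so its module and destination path are not visible here; the same applies to the tangled copy of the task later in the diff.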
all:
vars:
ansible_user: sysadm
- ansible_ssh_extra_args: -i Secret/ssh_admin/id_rsa
+ ansible_ssh_extra_args: -i Secret/ssh_admin/id_ed25519
hosts:
front:
ansible_host: 192.168.58.3
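Review bot: The new `ansible_ssh_extra_args` line hands the key to ssh through a raw `-i` option, whereas Ansible has a dedicated inventory variable for exactly this: `ansible_ssh_private_key_file: Secret/ssh_admin/id_ed25519`. The dedicated variable is visible to tooling that inspects inventory and is not lost when someone later overrides the extra-args string to add other SSH options. The path is relative either way, so it presumably only resolves when Ansible is run from the institute directory — worth a one-line comment such as `# relative to the institute directory; run ansible from there`. The same line appears in the second copy of this inventory block later in the diff.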
mysystem "mkdir Secret/ssh_admin";
chmod 0700, "Secret/ssh_admin";
- mysystem ("ssh-keygen -q -t rsa",
+ mysystem ("ssh-keygen -q -t ed25519",
"-C A\\ Small\\ Institute\\ Administrator",
- "-N '' -f Secret/ssh_admin/id_rsa");
+ "-N '' -f Secret/ssh_admin/id_ed25519");
mysystem "mkdir Secret/ssh_monkey";
chmod 0700, "Secret/ssh_monkey";
mysystem "echo 'HashKnownHosts no' >Secret/ssh_monkey/config";
- mysystem ("ssh-keygen -q -t rsa -C monkey\@core",
- "-N '' -f Secret/ssh_monkey/id_rsa");
+ mysystem ("ssh-keygen -q -t ed25519",
+ "-C monkey\@core.$domain_priv",
+ "-N '' -f Secret/ssh_monkey/id_ed25519");
exit;
}
#+END_SRC
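Review bot: On the new `-C` line `$domain_priv` is interpolated unquoted into the shell command, so the key comment is a bare shell word; a value containing whitespace or a shell metacharacter would be split or interpreted by the shell rather than end up in the comment (the fixed `monkey\@core` comment being replaced did not have this exposure). Single-quoting it in the generated command, `"-C 'monkey\@core.$domain_priv'",`, keeps the comment intact whatever the value holds. The enclosing subroutine starts above the hunk; the same lines appear again in the tangled copy of the script later in the diff.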
--- /dev/null
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACA1XokUICuJZNl/0jUYCMF0EY33FB39rSzWqyhEMUt8HQAAAKhs6XetbOl3
+rQAAAAtzc2gtZWQyNTUxOQAAACA1XokUICuJZNl/0jUYCMF0EY33FB39rSzWqyhEMUt8HQ
+AAAED51aOh8vm3pNftfDyGSY6IqL1ygrsvx3mVB1YaGSO2sDVeiRQgK4lk2X/SNRgIwXQR
+jfcUHf2tLNarKEQxS3wdAAAAH0EgU21hbGwgSW5zdGl0dXRlIEFkbWluaXN0cmF0b3IBAg
+MEBQY=
+-----END OPENSSH PRIVATE KEY-----
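Review bot: This new ed25519 private key is committed in the clear next to its public half (the monkey key pair further down likewise), and the RSA keys the commit deletes remain in the repository history, so swapping the algorithm does not change the exposure of whatever these keys protect. If they are worked-example keys for the document that is fine, but anything that has been pushed should be treated as compromised: readers should regenerate with the key-generation step shown above rather than reuse, and `Secret/` should stay out of version control or be encrypted at rest. The `-N ''` on the generation lines above means the key carries no passphrase, so possession of this file alone grants access.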
--- /dev/null
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDVeiRQgK4lk2X/SNRgIwXQRjfcUHf2tLNarKEQxS3wd A Small Institute Administrator
+++ /dev/null
------BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
-NhAAAAAwEAAQAAAYEA18V56hWlKt1gJplvz/DjJt3HwBiaC9VAvMo27Ec7et0ZrrCA9grz
-0yXzv7GzQMQyhzwb2CaosAWPFodlQQ16DtpVgCvSTkr1zGWUZgYe2JOvjbD0m3meh9w4M3
-Zirm7OBOVxHZJjoor8ohgVosMwygDqlr2+tMlgwzRLh8hjc5yo8i/pwDs7pdYT+X9t7193
-lYU8VdM3QpZLLyKaRrGGNxL4TMWrJ47xjoRAs9T6v/Tz8WpGNZASjBY/Moe+VH2CckYlHB
-VFWQ/3UMgzI+4LYob+ADYlACIJ/eCOBrfbfGtjoi8qyoSQME0K7OAgPrLmPt7g3KdhbkAL
-7s6WtpqFLnzXrUJ/WGAqQkGoqPCNzfTeTzqjxrTU//Bb9cMFrJf09+tzSZmu5a7UFyoKud
-mGJmlDZx8Txaiz//RC2gCmyq103pdHsPy8lRDukCen1O5RNy2DBeQ54JXjqbjh8kHSCSr0
-qAm+4pQ7hvHpGXd2RETobch5a+1HB67ZmTGI4ZUXAAAFkFdJqqNXSaqjAAAAB3NzaC1yc2
-EAAAGBANfFeeoVpSrdYCaZb8/w4ybdx8AYmgvVQLzKNuxHO3rdGa6wgPYK89Ml87+xs0DE
-Moc8G9gmqLAFjxaHZUENeg7aVYAr0k5K9cxllGYGHtiTr42w9Jt5nofcODN2Yq5uzgTlcR
-2SY6KK/KIYFaLDMMoA6pa9vrTJYMM0S4fIY3OcqPIv6cA7O6XWE/l/be9fd5WFPFXTN0KW
-Sy8imkaxhjcS+EzFqyeO8Y6EQLPU+r/08/FqRjWQEowWPzKHvlR9gnJGJRwVRVkP91DIMy
-PuC2KG/gA2JQAiCf3gjga323xrY6IvKsqEkDBNCuzgID6y5j7e4NynYW5AC+7OlraahS58
-161Cf1hgKkJBqKjwjc303k86o8a01P/wW/XDBayX9Pfrc0mZruWu1BcqCrnZhiZpQ2cfE8
-Wos//0QtoApsqtdN6XR7D8vJUQ7pAnp9TuUTctgwXkOeCV46m44fJB0gkq9KgJvuKUO4bx
-6Rl3dkRE6G3IeWvtRweu2ZkxiOGVFwAAAAMBAAEAAAGAKECcx8CV+XMm9sx1AXPMzHlfRE
-TSqBZ2Z0HKETYQsJECs4YV6NCOP/u6hy5dZF21l2jtQNulaIEA+pDzoLkk5hRxEuIZ76Uo
-SaNBle7aXkje3S3/0+lSW8IHcgJJ0oS1RlCPU5b1o2MOUibwElcbiPO2z7xCEXPn60KcPI
-5zjyPQmK27i7MBI6TWQRs2pQtIQcqDQPeQPYnQKNDpuvpvMWMGkzvk/BI8mfuuHl5DEQBf
-adALnP5tl1inHYQZS6XGElx7PrVuRahv/h3Img7WAI8G7whRmxha3nje2Xk4hY3M2mlaUJ
-odHVaYwpv1uBmeevfUJ38AGAYmGIeijuqC6tx6/4Zn1qc6DsH272nOnbYmuHHJpb8p8LbV
-xiHM8VsSAsqt6LRUKoaQddrZrhL2N0LT2iZ0KIFKz3OnMXYM5R9N8K5hq5o012Kxk4mbHt
-e0fF3IFBoUeySZMRnPYbHRML7CcHdJQqHa2w+HwR06WdauHw9SLHXVMUm7VB3KfuohAAAA
-wG0ARc3IXG2+nYAP5MvcluSeYIyqqXb/l9H2hnioXzGn684t/O1ZCtuBKC7jXYKL7+UeSZ
-Ww0j1TvVnOFqSH5wwHfuY5+fHusf1/HDuhmfoo029dWthC11PjzZYZOFl4D5CgO2SX0Pbu
-Gzw7PAUubjdIGmbiYFClnTPP9g72fmNPlflTrDjIDh7oSjQCJ48c/UDNS6t95bIZmA35Yn
-BN0u0DZPHl1vtsLjWH3p/mBJPYCqUc6QDZ2nFE9xy0VJT6HwAAAMEA7lorbF3zkG6wKoH1
-PHqzNl0hvObOfKh9XilX96ijJQUfx+jR3ScU16xEwgUDPkN06agYtT9b/BCzcOheug4Ve/
-2WWopTI0m2ZgXDIlTwt7yIktNxgIdLrDyp8F6mhbQnhpcVL8Peekl/Bp1YbVHz/t4VrWQs
-IBZJ8peb+Wlv/HuCWYjrHxM2J62ThXN5CS/lmzkXopLucexb5GKTJ0We2COIxR9AQSN7+p
-PL83sv32ZmqF0OD36QFAvAXFIdzRs5AAAAwQDnv0y/UophQqQbZAs8LnQzmKNkMyQFYY3S
-Lx86ZtQx6XXPAVvxgIoj/lPQuC4g55QUS/LXep+pP9fUFvvWlbHgqMJZWT+okJiA+z5R86
-P3AUGfPtL4OdroZPRgnHc1IMpDSo2v671uT97AKIi8lOHNO6EJdZcjIjIWcJKAVD5nFl6Q
-sQIdKLWsl3k7IcN+wT2ABD1zRQ3Yl0O5t0l8GpW39fmzjsmiwdWuvcm2x2TxTmfaqdVmkR
-qOUKDCECbDIs8AAAAXSW5zdGl0dXRlIEFkbWluaXN0cmF0b3IBAgME
------END OPENSSH PRIVATE KEY-----
+++ /dev/null
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDXxXnqFaUq3WAmmW/P8OMm3cfAGJoL1UC8yjbsRzt63RmusID2CvPTJfO/sbNAxDKHPBvYJqiwBY8Wh2VBDXoO2lWAK9JOSvXMZZRmBh7Yk6+NsPSbeZ6H3DgzdmKubs4E5XEdkmOiivyiGBWiwzDKAOqWvb60yWDDNEuHyGNznKjyL+nAOzul1hP5f23vX3eVhTxV0zdClksvIppGsYY3EvhMxasnjvGOhECz1Pq/9PPxakY1kBKMFj8yh75UfYJyRiUcFUVZD/dQyDMj7gtihv4ANiUAIgn94I4Gt9t8a2OiLyrKhJAwTQrs4CA+suY+3uDcp2FuQAvuzpa2moUufNetQn9YYCpCQaio8I3N9N5POqPGtNT/8Fv1wwWsl/T363NJma7lrtQXKgq52YYmaUNnHxPFqLP/9ELaAKbKrXTel0ew/LyVEO6QJ6fU7lE3LYMF5DngleOpuOHyQdIJKvSoCb7ilDuG8ekZd3ZEROhtyHlr7UcHrtmZMYjhlRc= A Small Institute Administrator
--- /dev/null
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACCnYqE/J6XBi02zHPTGPMgCY17Q+XFltluQZ26oqTUHHAAAAKA35YS5N+WE
+uQAAAAtzc2gtZWQyNTUxOQAAACCnYqE/J6XBi02zHPTGPMgCY17Q+XFltluQZ26oqTUHHA
+AAAEBL4wka2scQDIBQHX880xi4xAblWGzzGqDZA6p2T23Gi6dioT8npcGLTbMc9MY8yAJj
+XtD5cWW2W5BnbqipNQccAAAAGW1vbmtleUBjb3JlLnNtYWxsLnByaXZhdGUBAgME
+-----END OPENSSH PRIVATE KEY-----
--- /dev/null
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKdioT8npcGLTbMc9MY8yAJjXtD5cWW2W5BnbqipNQcc monkey@core.small.private
+++ /dev/null
------BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
-NhAAAAAwEAAQAAAYEAng3cBVl5eiYHNpaS0ziOyz+JEtSP7A2EDnuVg/vaZ0yEJdo/qCJL
-xHc1Dp5VSWpexic5KEJ3S87Z7SE6fkaDKW7Y2Gg/6mT88eXMmytYDM0JHufRa64mmfJ7f5
-Ggm9adhoiH8MAoicBMNa7ILwZfxtr5al5//NW7OMXCLE73ohGqGwPYS82Dy2PwWXRBcZz2
-qcuLNTX1MyElMnKInatIwtbgNQXiU98hO7dfT1GZLk0YABJXgahf81ERbt7oPntUeWnuJE
-9M4fIHILXrNEBkifGe4uh0K20LxyO7Z3L3xAhwxuBrS6r5l5hLlGDj8k36xYtRC9fXt2lY
-xiMOk2cVaWj7q1Z/vLZuih0vsnB07s/Ge8tvtZh9zI6LLGH77n7rCOXxgktvHXSD9JlN4P
-1ZmOVaYwHOwiz30UdEY/RYZYGE6+wZHlSF6ROaaFrX6yebg6WTK4Yv1S16YO4oRgvnJB//
-r65O4yX7fsNXF7WjyV3Iw/NWs9T3IUf7AabIsVTLAAAFgF6mN1depjdXAAAAB3NzaC1yc2
-EAAAGBAJ4N3AVZeXomBzaWktM4jss/iRLUj+wNhA57lYP72mdMhCXaP6giS8R3NQ6eVUlq
-XsYnOShCd0vO2e0hOn5Ggylu2NhoP+pk/PHlzJsrWAzNCR7n0WuuJpnye3+RoJvWnYaIh/
-DAKInATDWuyC8GX8ba+Wpef/zVuzjFwixO96IRqhsD2EvNg8tj8Fl0QXGc9qnLizU19TMh
-JTJyiJ2rSMLW4DUF4lPfITu3X09RmS5NGAASV4GoX/NREW7e6D57VHlp7iRPTOHyByC16z
-RAZInxnuLodCttC8cju2dy98QIcMbga0uq+ZeYS5Rg4/JN+sWLUQvX17dpWMYjDpNnFWlo
-+6tWf7y2boodL7JwdO7PxnvLb7WYfcyOiyxh++5+6wjl8YJLbx10g/SZTeD9WZjlWmMBzs
-Is99FHRGP0WGWBhOvsGR5UhekTmmha1+snm4OlkyuGL9UtemDuKEYL5yQf/6+uTuMl+37D
-Vxe1o8ldyMPzVrPU9yFH+wGmyLFUywAAAAMBAAEAAAGAdDYmj3xhWFG7vgRqgom0XHcj10
-eZZuvtLCTsI3Y7+PYGuDpH0d0drqAjz9LVTLy8YKAYY6SzSHcYP0XOV2iLKhzJrhzA2hxU
-65uWnIT7IbZkPWgf0DflRA5JhdvSpqLfgjrDEV6Ir/hHULVplUHvjCwXdYF0Q7f3B+BITA
-HoDC9GzsQ99kZu4E5kO7HCKMJLjz8M5Rv+ZRC64+PY1W1Ke5A4nGPuLNMEAX9rwctygNvI
-iMzzsG7X1fTGh6m4Q7CznSCKPn0oPr1PNoIwUiMQzxH41L+v08AFbQ45O+kzxR/JsCS8u0
-42LVATCenxHYbVofKM26KjEYUbl/fxNmKEqRrbpaRIHM4H0aX2T1pYp0MU8dOX7N4p7ue5
-OnDanKFOyPbijkQUcK4wewH6BJ+T0coJOOl66imMlTYhRKhJpHIoKTWmnOMDzwS0hO8bZ5
-NuepYzjIdrC9juq0HtG3Wg8yqKLpJlTWCsWnk0ijYuccm7YKm67L0UDPAtz4M+4cRxAAAA
-wDOqhuiqzJXx3ZM9RLJLDk9+K1/fZG+KZtQB4fD3n7pTJn2kRj2SvWtCFEEeeFznyQ5F0W
-6Lkmzt/lSlKGM6NpnMpGb44uAKNoheZ1xz1Rbbwav643vXne0aC60fa+7kGk+LSnTm+sKi
-GxNhrb1ZYn05dz6lTT71fIExAVWQaevwZKrd7+S2t2TSEemoHEKElCx7FGl4A+OQmyNeaC
-dMKAcfepXmftqW09fesIdtmiSZmfT7+SR4Q5hHuYjC/WEwsgAAAMEAyS4Rr2xaN+ndQB8r
-Xi9/VqIOQATlfYbssVheDhvsdHVdB9QUhZhjqdSIeCEzRo1JntCo2e0bXsq2ifXgudwsau
-Vc4nN4OoJqynns2zzqWcPopo8HTgsIx1RdC7syOljVfMuy1VqZ55kcA4BvcHGx3gKQp1jE
-B34wOh1T/UFQdttznvYw1YdkHY8KA2AICOiB2dyiOUdvTpFjPxIeMTQcW7PD4LhSE489yY
-nxvF1UDqG+AMFp0r2/sbIZWI2HYvyTAAAAwQDJH2pTN9x2ljEdNDNr5sr/bx9gr3Vk5hav
-eZHbvd3cCEe7FSyudU7M55rJmad2LM8BD8LbrfoHxWIsxbWQjGW+AV8ltafI+jRcZL9d/X
-QPB/y59p32y/S9u0w7vtqXCpAAiTe8h6u4T5Dinib1kMIfClyd+ZJflEVc9G16ShVlVuEn
-04UFLcEpzGdqKVqwTv7QJNPsvcz6K5kNQQPEmNMXy9k+FQ0bH8ADR6DfP6LVzS4CfTvvIc
-jU/0Zfsu/boekAAAALbW9ua2V5QGNvcmU=
------END OPENSSH PRIVATE KEY-----
+++ /dev/null
-ssh-rsa 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 monkey@core
all:
vars:
ansible_user: sysadm
- ansible_ssh_extra_args: -i Secret/ssh_admin/id_rsa
+ ansible_ssh_extra_args: -i Secret/ssh_admin/id_ed25519
hosts:
front:
ansible_host: 192.168.58.3
mysystem "mkdir Secret/ssh_admin";
chmod 0700, "Secret/ssh_admin";
- mysystem ("ssh-keygen -q -t rsa",
+ mysystem ("ssh-keygen -q -t ed25519",
"-C A\\ Small\\ Institute\\ Administrator",
- "-N '' -f Secret/ssh_admin/id_rsa");
+ "-N '' -f Secret/ssh_admin/id_ed25519");
mysystem "mkdir Secret/ssh_monkey";
chmod 0700, "Secret/ssh_monkey";
mysystem "echo 'HashKnownHosts no' >Secret/ssh_monkey/config";
- mysystem ("ssh-keygen -q -t rsa -C monkey\@core",
- "-N '' -f Secret/ssh_monkey/id_rsa");
+ mysystem ("ssh-keygen -q -t ed25519",
+ "-C monkey\@core.$domain_priv",
+ "-N '' -f Secret/ssh_monkey/id_ed25519");
exit;
}
owner: monkey
group: monkey
loop:
- - { name: config, mode: "u=rw,g=r,o=" }
- - { name: id_rsa.pub, mode: "u=rw,g=r,o=r" }
- - { name: id_rsa, mode: "u=rw,g=,o=" }
+ - { name: config, mode: "u=rw,g=r,o=" }
+ - { name: id_ed25519.pub, mode: "u=rw,g=r,o=r" }
+ - { name: id_ed25519, mode: "u=rw,g=,o=" }
- name: Configure Monkey SSH known hosts.
become: yes
- name: Authorize monkey@core.
become: yes
- vars:
- pubkeyfile: ../Secret/ssh_monkey/id_rsa.pub
authorized_key:
user: monkey
- key: "{{ lookup('file', pubkeyfile) }}"
+ key: "{{ lookup('file', '../Secret/ssh_monkey/id_ed25519.pub') }}"
manage_dir: yes
- name: Add {{ ansible_user }} to monkey group.