This is pure gold. I have tried it in my lab and everything works flawlessly. Need to practice more though to be confident. I feel two clarifications needed: a) is there a way to UNSIGN the host key? I could delete and regenerate of course, revoke procedure is vague in man ssh-keygen. b) how to add extra users (-n alice,bob) if needed at a later stage, say charlie is a new user? or maybe allow ANY user (not secure but good for lab). Also, with regard to ansible: RH made available the set of ansible roles, and rhel_system_roles_sshd could be utilized. I am sure community is available too... Thank you, Andrew
Thank you for continuing with the LPIC-3 303 objectives
.
This is pure gold. I have tried it in my lab and everything works flawlessly. Need to practice more though to be confident. I feel two clarifications needed: a) is there a way to UNSIGN the host key? I could delete and regenerate of course, revoke procedure is vague in man ssh-keygen. b) how to add extra users (-n alice,bob) if needed at a later stage, say charlie is a new user? or maybe allow ANY user (not secure but good for lab). Also, with regard to ansible: RH made available the set of ansible roles, and rhel_system_roles_sshd could be utilized. I am sure community is available too... Thank you, Andrew
Thank you
How to automate (ansible)
How to rotate after 52w
Really there is no module on ansible but you can run the command with the command module. But would require no password for the ca.
You could always set a longer expiry time