X-Git-Url: https://git.realraum.at/?a=blobdiff_plain;f=ansible%2Ftuer.yml;h=e061759f8cf78d61f18ea346e3f50cd5c5fb04a3;hb=462d5291a691cd8bd800a79b5feddcfae8ffa2e2;hp=004804d7c586e63f6170acb219b9a18c82263b07;hpb=f604840d31f25d2173cd8a75b494628585f14df6;p=noc.git diff --git a/ansible/tuer.yml b/ansible/tuer.yml index 004804d..e061759 100644 --- a/ansible/tuer.yml +++ b/ansible/tuer.yml @@ -62,6 +62,8 @@ - nano - tcpdump openwrt_packages_extra: + - "-dropbear" + - openssh-server - git openwrt_mixin: @@ -76,8 +78,20 @@ mode: 0755 file: "{{ playbook_dir }}/.cache/openwrt/tuer/door_and_sensors/update-keys/update-keys" - /etc/dropbear/authorized_keys: - mode: 0600 + /etc/ssh/sshd_config: + content: |- + Port 22000 + + AllowUsers root tuerctl tuergit + AuthenticationMethods publickey + AuthorizedKeysFile /etc/ssh/authorized_keys.d/%u + + AllowAgentForwarding no + AllowTcpForwarding no + X11Forwarding no + UsePrivilegeSeparation sandbox + + /etc/ssh/authorized_keys.d/root: content: |- {% for key in noc_ssh_keys %} {{ key }} @@ -107,12 +121,6 @@ dns: 192.168.33.1 dns_search: realraum.at - dropbear: - - name: dropbear - options: - PasswordAuth: off - RootPasswordAuth: off - Port: 22000 openwrt_mounts: - path: /run
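Review bot: The quoted `"-dropbear"` entry under `openwrt_packages_extra` is easy to misread as a typo and deserves a comment. Presumably the list is handed to the OpenWrt image builder, where a leading minus excludes a package; something like `# leading "-" drops the package from the image; openssh-server replaces dropbear` would record that. With dropbear gone, the `sshd_config` added later in this commit becomes the only remote-access path to the device, so a test build and a key-based login are worth doing before rollout.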
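Review bot: The new `/etc/ssh/authorized_keys.d/root` entry loses the explicit `mode: 0600` that the removed `/etc/dropbear/authorized_keys` entry carried, and `/etc/ssh/sshd_config` is added without a mode too. Both files therefore get whatever default the mixin applies, which is not visible in this hunk. sshd's StrictModes check rejects key files that are writable by group or others, so I would restore `mode: 0600` on the key file and set `mode: 0644` or stricter on `sshd_config`. `UsePrivilegeSeparation sandbox` has been deprecated since OpenSSH 7.5, where separation is always on, so depending on the packaged version the line may only produce a warning and could be dropped. `AllowUsers` also names `tuerctl` and `tuergit`, whose `/etc/ssh/authorized_keys.d/<user>` files are not part of this hunk, so it is worth confirming they are created elsewhere with the same restrictive mode.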