From ce468dc7984aedcc132d7ad7ad7f01e35b561e10 Mon Sep 17 00:00:00 2001
From: Martin Kennedy
Date: Fri, 7 Apr 2023 12:57:59 -0400
Subject: [PATCH] fix: dropbear: Pull the ed25519 pubkey from $HOME, not /home/$USER

Also, pin the mode so it's never world-writable.
---
 roles/config/tasks/main.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/roles/config/tasks/main.yml b/roles/config/tasks/main.yml
index 7921fdd..f38e079 100644
--- a/roles/config/tasks/main.yml
+++ b/roles/config/tasks/main.yml
@@ -25,9 +25,10 @@
 - name: Update authorized keys
 lineinfile:
 path: /etc/dropbear/authorized_keys
- line: "{{ lookup('file', '/home/' + lookup('env', 'USER') + '/.ssh/id_ed25519.pub') }}"
+ line: "{{ lookup('file', lookup('env', 'HOME') + '/.ssh/id_ed25519.pub') }}"
 state: present
 create: yes
+ mode: 644

 - name: Disable Root password authentication
 uci:
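Review bot: The added `mode: 644` is an unquoted YAML integer, so Ansible receives decimal 644, which is octal 1204 rather than the intended rw-r--r--. /etc/dropbear/authorized_keys would end up owner write-only, world-readable and with the sticky bit set, which is not what the commit message describes. Pass the mode as a quoted octal string, `mode: "0644"`, or `mode: "0600"` if only root needs to read the file. Separately, `lookup('env', 'HOME')` is evaluated on the control node and returns an empty string when HOME is unset, so the path would silently become `/.ssh/id_ed25519.pub`; a preceding `assert` that the value is non-empty would make that failure explicit. The task list continues outside this hunk.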