moved ssh to cert based

Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>
2025-03-25 01:09:08 +01:00
parent 924e4a2f92
commit 56f058c254
21 changed files with 160 additions and 87 deletions
--- a/roles/common/templates/ssh/sshd_config
+++ b/roles/common/templates/ssh/sshd_config
@@ -1,4 +1,3 @@
-Include /etc/ssh/sshd_config.d/*.conf
 Protocol 2
 PermitRootLogin no
 MaxAuthTries 3
@@ -13,6 +12,7 @@ X11Forwarding no
 PrintMotd no
 TCPKeepAlive no
 ClientAliveCountMax 2
+TrustedUserCAKeys /etc/ssh/vault-ca.pub
 UseDNS yes
 AcceptEnv LANG LC_*
 Subsystem	sftp	/usr/lib/openssh/sftp-server