Migrate Ansible into the repo and centralize SSH keys in shared/ssh.
Playbooks live under pve1/ansible and pve2/ansible; authorized_keys as fragments with a deploy script and target matrix for Proxmox, VM 101 and CTs. Co-authored-by: Cursor <cursoragent@cursor.com>
@@ -0,0 +1,85 @@
|
||||
# SSH — gemeinsame authorized_keys
|
||||
|
||||
Zentraler Katalog **öffentlicher** SSH-Keys (keine Private Keys). Stand aus den Hosts exportiert — bei neuem Laptop Key in `fragments/` ergänzen, `rebuild-assembled.sh` laufen lassen.
|
||||
|
||||
## Struktur
|
||||
|
||||
```
|
||||
shared/ssh/
|
||||
├── fragments/ # Einzelne Key-Gruppen (editierbar)
|
||||
├── assembled/ # Fertige Sets pro Ziel (generiert)
|
||||
├── rebuild-assembled.sh # fragments → assembled
|
||||
└── install-authorized-keys.sh
|
||||
```
|
||||
|
||||
| Fragment | Inhalt |
|
||||
|----------|--------|
|
||||
| [fragments/admin-workstations.pub](fragments/admin-workstations.pub) | DESKTOP-H9797I1, DESKTOP-J08NPU2 |
|
||||
| [fragments/admin-laptops-extra.pub](fragments/admin-laptops-extra.pub) | L7L1S5V, OJIEMRE, x380, Security Keys |
|
||||
| [fragments/admin-mobile.pub](fragments/admin-mobile.pub) | JuiceSSH, server6, WEBTOP |
|
||||
| [fragments/host-pve1.pub](fragments/host-pve1.pub) | root@pve1 ed25519 |
|
||||
| [fragments/host-pve2.pub](fragments/host-pve2.pub) | root@pve2 (Ansible / Host-SSH) |
|
||||
| [fragments/legacy-pve1-rsa.pub](fragments/legacy-pve1-rsa.pub) | Altes RSA auf pve1 (Kommentar „root@pve2“) |
|
||||
|
||||
## Assembled Sets → Ziel
|
||||
|
||||
| Datei | Deploy auf | User |
|
||||
|-------|------------|------|
|
||||
| [assembled/proxmox-root.pub](assembled/proxmox-root.pub) | pve1 `192.168.10.5`, pve2 `192.168.10.4` | root |
|
||||
| [assembled/vm101-jean.pub](assembled/vm101-jean.pub) | VM 101 Ubuntu `192.168.10.10` | jean |
|
||||
| [assembled/pve2-lxc-root.pub](assembled/pve2-lxc-root.pub) | CT 101 docker, 109 media, 110 AIDEV (pve2) | root |
|
||||
| [assembled/authorized_keys.all.pub](assembled/authorized_keys.all.pub) | Referenz — alle Keys vereint | — |
|
||||
|
||||
### Matrix (Ist-Zustand)
|
||||
|
||||
| Host | Empfohlenes Set | Anmerkung |
|
||||
|------|-----------------|-----------|
|
||||
| root@pve1 | proxmox-root | + legacy RSA noch enthalten |
|
||||
| root@pve2 | proxmox-root | ohne legacy RSA (reicht host-pve2) |
|
||||
| jean@192.168.10.10 | vm101-jean | Ansible fish-setup nutzt jean + SSH |
|
||||
| CT 101 (docker) | pve2-lxc-root | Ansible disk-maintenance |
|
||||
| CT 109 (media) | subset: admin + OJIEMRE | aktuell nur OJIEMRE — bei Bedarf volles Set |
|
||||
| CT 110 (aidev) | pve2-lxc-root | **aktuell leer** — Keys fehlen für Ansible |
|
||||
|
||||
## Neuen Key hinzufügen
|
||||
|
||||
1. Passendes Fragment in `fragments/*.pub` editieren (eine Zeile pro Key)
|
||||
2. `./rebuild-assembled.sh`
|
||||
3. `./install-authorized-keys.sh <target>` oder manuell `cat assembled/….pub >> ~/.ssh/authorized_keys`
|
||||
|
||||
## Deploy
|
||||
|
||||
```bash
|
||||
cd /root/docu/shared/ssh
|
||||
|
||||
# Proxmox lokal
|
||||
./install-authorized-keys.sh proxmox-root
|
||||
|
||||
# Remote
|
||||
./install-authorized-keys.sh --remote root@192.168.10.4 proxmox-root
|
||||
|
||||
# VM 101
|
||||
./install-authorized-keys.sh vm101-jean
|
||||
|
||||
# CTs auf pve2 (muss auf pve2 laufen)
|
||||
./install-authorized-keys.sh pve2-lxc-root
|
||||
./install-authorized-keys.sh pve2-lxc-root --ct 101
|
||||
|
||||
# Vorschau
|
||||
./install-authorized-keys.sh --dry-run proxmox-root
|
||||
```
|
||||
|
||||
## Ansible
|
||||
|
||||
| Host | Ansible-Pfad | Keys |
|
||||
|------|--------------|------|
|
||||
| pve1 | [pve1/ansible/](../../pve1/ansible/) | jean → VM 101 |
|
||||
| pve2 | [pve2/ansible/](../../pve2/ansible/) | root@pve2 → CTs |
|
||||
|
||||
Symlink auf dem Host: `ln -sfn /root/docu/pve{1,2}/ansible /root/ansible`
|
||||
|
||||
## Hinweise
|
||||
|
||||
- **Nur Public Keys** ins Repo — niemals `id_*` ohne `.pub` oder `.git-credentials-*`
|
||||
- Zwei verschiedene `ssh-rsa … root@pve2`: aktueller Key auf pve2 vs. Legacy auf pve1 (`legacy-pve1-rsa.pub`)
|
||||
- CT 110: vor Ansible-Wartung Keys deployen (`pve2-lxc-root`)
|
||||
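Review bot: Step 3 under "Neuen Key hinzufügen" offers `cat assembled/….pub >> ~/.ssh/authorized_keys` as an alternative to the install script, but appending never removes a key that was dropped from a fragment and duplicates every existing line on each run, whereas the script replaces the file. Drop the manual variant or describe it as a full replacement, so the repo stays the source of truth when a key has to be revoked. The matrix also lists CT 109 as a subset (admin + OJIEMRE) while the Deploy section runs `pve2-lxc-root` without `--ct`; state explicitly whether 109 is meant to receive the full set.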
@@ -0,0 +1,14 @@
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAj1SFdqGjsIrF644ywWANqDMrsrlSBAQiM1HWEfwOIF jean@DESKTOP-L7L1S5V
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII8YFIl6gZ6taPAoDPJtkwkcfEpas9MbVgdkuQuBOJvh jean@DESKTOP-OJIEMRE
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID/3NRXevRiFpmLGkrZTA1Fp2FigYtDvvpG8Ta60U28p jean@x380
|
||||
sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEohWH3Rqh0+h5sYmi921rf3l2mZ0RXebCS8hR9pmHIiAAAABHNzaDo= jean@DESKTOP-DA5D3IG
|
||||
sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEGR43JnbBQNZ3U9onHM1XoFiJStBUmGTf2yr9p/haYuAAAABHNzaDo= jean@DESKTOP-2N4HRBF
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIY8YOBNfgjm9AVLycI0V5So2FZFjSk5BTH/K+SLajnw JuiceSSH
|
||||
ssh-rsa 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 jean@server6
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJSVmBVrCmUuCgKS4L3w6jRq2Efi/28ghElDSs22Hu2G abc@bdad197f6631
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfSnbZKfHpVI9w8ogdfsA7XnYA28goelOfq+w3X02Bx jean@DESKTOP-H9797I1
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0ToemBZ+/ibr9k0LHsn2J0JuLalXw//TLmC0ydE7vr jean@DESKTOP-J08NPU2
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJJvDmBpuduGeVdN92I/tr5YkfmQo5fQ4lI5ZgakRQef root@pve1
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICXDMnLAJlxd56f6BCJAjVFbaTDcI2lLMOQf1OWCGzaA root@pve2
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6NPVyFfE1hUimqs18TxjIB72+o59CVVQbJzK0cGmvzROnoR4iGPelwvGFnRUOdUbnGXK5TkQQB6dCnLKHEdULyQ5yXimI37Ywerr5cMorUF3QtWp4WHs2ewPgvdjc0gL0GLlSq7mHQ649PZbhpHo8GlOudsdEVqoxOKcvI/V572huuItTYj0AMnSHglQ1NR0jjeo6ItDblEpU6Anj4knqQYYyOD1CGAJZaKt+2UXsIV3xhkDFhq6Xv83VIj3T4Cju9VsIqFb5eOUUu7er0WpF0rqEqcVliPlq4Ja+eJ1Wl9HnD/5tUeM5yWDHynXTwSlMUCVvnaBtrFbIFhDR9pxWGEnNy6UEjiLRIrYkNMKr+QnzTesB8N8jvfPJoAMcESZAAi675PawbqYxK59ZG+sa/sX83G7GFl5MtB0lUhiyCJPdGUa63QfQw0J8X0dvkZCNcpsDWhbq9B+uu1GL1JS2Rr2uoYSwfIFUiyaQY8KniYlzYb2TyImEQZ7UYkTurIYVutjGJwNqr5KhrZb6flkt/t7fHe/rAScbhm/4lVQFYZYGggitnR6rh262CBl2ML53V1crhLzPjOQWu770y64mZBjf+NwWK84ikPsA0ei2/ph+oWnAkYZVbWVR47AOnLqDed95jJBL5rbAkeSe32MDTPG638pfiBRl/mvPdabZcQ== root@pve2
|
||||
ssh-rsa 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 root@pve2
|
||||
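Review bot: Nothing keeps this generated set in sync with the fragments. The 14 lines repeat every key from the fragment hunks, so this is build output committed next to its sources, and a fragment edit without a rebuild leaves a stale file that still looks authoritative. Either stop tracking `assembled/` and build at deploy time, or add a check that runs `rebuild-assembled.sh` and fails when `git diff --exit-code` reports a difference.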
@@ -0,0 +1,6 @@
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfSnbZKfHpVI9w8ogdfsA7XnYA28goelOfq+w3X02Bx jean@DESKTOP-H9797I1
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0ToemBZ+/ibr9k0LHsn2J0JuLalXw//TLmC0ydE7vr jean@DESKTOP-J08NPU2
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJJvDmBpuduGeVdN92I/tr5YkfmQo5fQ4lI5ZgakRQef root@pve1
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICXDMnLAJlxd56f6BCJAjVFbaTDcI2lLMOQf1OWCGzaA root@pve2
|
||||
ssh-rsa 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 root@pve2
|
||||
ssh-rsa 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 root@pve2
|
||||
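Review bot: The two `ssh-rsa … root@pve2` lines at the end of this set contradict the README matrix, which wants root@pve2 "ohne legacy RSA". There is only one proxmox-root set and the README's remote example installs it on 192.168.10.4, so the legacy key would be deployed to pve2 as well. Split this into per-host sets, or drop the legacy fragment from the build once pve1 no longer needs it.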
@@ -0,0 +1,12 @@
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfSnbZKfHpVI9w8ogdfsA7XnYA28goelOfq+w3X02Bx jean@DESKTOP-H9797I1
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0ToemBZ+/ibr9k0LHsn2J0JuLalXw//TLmC0ydE7vr jean@DESKTOP-J08NPU2
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICXDMnLAJlxd56f6BCJAjVFbaTDcI2lLMOQf1OWCGzaA root@pve2
|
||||
ssh-rsa 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 root@pve2
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAj1SFdqGjsIrF644ywWANqDMrsrlSBAQiM1HWEfwOIF jean@DESKTOP-L7L1S5V
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII8YFIl6gZ6taPAoDPJtkwkcfEpas9MbVgdkuQuBOJvh jean@DESKTOP-OJIEMRE
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID/3NRXevRiFpmLGkrZTA1Fp2FigYtDvvpG8Ta60U28p jean@x380
|
||||
sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEohWH3Rqh0+h5sYmi921rf3l2mZ0RXebCS8hR9pmHIiAAAABHNzaDo= jean@DESKTOP-DA5D3IG
|
||||
sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEGR43JnbBQNZ3U9onHM1XoFiJStBUmGTf2yr9p/haYuAAAABHNzaDo= jean@DESKTOP-2N4HRBF
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIY8YOBNfgjm9AVLycI0V5So2FZFjSk5BTH/K+SLajnw JuiceSSH
|
||||
ssh-rsa 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 jean@server6
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJSVmBVrCmUuCgKS4L3w6jRq2Efi/28ghElDSs22Hu2G abc@bdad197f6631
|
||||
@@ -0,0 +1,11 @@
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfSnbZKfHpVI9w8ogdfsA7XnYA28goelOfq+w3X02Bx jean@DESKTOP-H9797I1
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0ToemBZ+/ibr9k0LHsn2J0JuLalXw//TLmC0ydE7vr jean@DESKTOP-J08NPU2
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAj1SFdqGjsIrF644ywWANqDMrsrlSBAQiM1HWEfwOIF jean@DESKTOP-L7L1S5V
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII8YFIl6gZ6taPAoDPJtkwkcfEpas9MbVgdkuQuBOJvh jean@DESKTOP-OJIEMRE
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID/3NRXevRiFpmLGkrZTA1Fp2FigYtDvvpG8Ta60U28p jean@x380
|
||||
sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEohWH3Rqh0+h5sYmi921rf3l2mZ0RXebCS8hR9pmHIiAAAABHNzaDo= jean@DESKTOP-DA5D3IG
|
||||
sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEGR43JnbBQNZ3U9onHM1XoFiJStBUmGTf2yr9p/haYuAAAABHNzaDo= jean@DESKTOP-2N4HRBF
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIY8YOBNfgjm9AVLycI0V5So2FZFjSk5BTH/K+SLajnw JuiceSSH
|
||||
ssh-rsa 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 jean@server6
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJSVmBVrCmUuCgKS4L3w6jRq2Efi/28ghElDSs22Hu2G abc@bdad197f6631
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJJvDmBpuduGeVdN92I/tr5YkfmQo5fQ4lI5ZgakRQef root@pve1
|
||||
@@ -0,0 +1,6 @@
|
||||
# Weitere Laptops / Geräte (VM 101, CTs)
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAj1SFdqGjsIrF644ywWANqDMrsrlSBAQiM1HWEfwOIF jean@DESKTOP-L7L1S5V
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII8YFIl6gZ6taPAoDPJtkwkcfEpas9MbVgdkuQuBOJvh jean@DESKTOP-OJIEMRE
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID/3NRXevRiFpmLGkrZTA1Fp2FigYtDvvpG8Ta60U28p jean@x380
|
||||
sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEohWH3Rqh0+h5sYmi921rf3l2mZ0RXebCS8hR9pmHIiAAAABHNzaDo= jean@DESKTOP-DA5D3IG
|
||||
sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEGR43JnbBQNZ3U9onHM1XoFiJStBUmGTf2yr9p/haYuAAAABHNzaDo= jean@DESKTOP-2N4HRBF
|
||||
@@ -0,0 +1,4 @@
|
||||
# Mobil / Sonstiges
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIY8YOBNfgjm9AVLycI0V5So2FZFjSk5BTH/K+SLajnw JuiceSSH
|
||||
ssh-rsa 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 jean@server6
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJSVmBVrCmUuCgKS4L3w6jRq2Efi/28ghElDSs22Hu2G abc@bdad197f6631
|
||||
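Review bot: The comment `abc@bdad197f6631` on the last key does not identify an owner or a device, which makes a later audit or revocation guesswork. The README table lists this fragment as JuiceSSH, server6 and WEBTOP, so this is presumably the WEBTOP key; set the comment field accordingly. The rebuild script deduplicates on the key material, so changing the comment does not affect the assembled sets.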
@@ -0,0 +1,3 @@
|
||||
# Jean — Desktop/Laptop (Hauptzugang Proxmox)
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfSnbZKfHpVI9w8ogdfsA7XnYA28goelOfq+w3X02Bx jean@DESKTOP-H9797I1
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0ToemBZ+/ibr9k0LHsn2J0JuLalXw//TLmC0ydE7vr jean@DESKTOP-J08NPU2
|
||||
@@ -0,0 +1,2 @@
|
||||
# Host-Key pve1 (192.168.10.5) — für SSH von pve2 → pve1
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJJvDmBpuduGeVdN92I/tr5YkfmQo5fQ4lI5ZgakRQef root@pve1
|
||||
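Review bot: The header calls this a "Host-Key" and says it is for SSH "von pve2 → pve1", but the entry is the user public key of root@pve1, and placing it in an authorized_keys file permits logins from pve1 to the target, not towards pve1. Reword the header to state the direction that is actually granted, and avoid the term "Host-Key", which reads as the sshd host key that belongs in known_hosts.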
@@ -0,0 +1,3 @@
|
||||
# Host-Keys pve2 (192.168.10.4) — Ansible + Host-zu-Host
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICXDMnLAJlxd56f6BCJAjVFbaTDcI2lLMOQf1OWCGzaA root@pve2
|
||||
ssh-rsa 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 root@pve2
|
||||
@@ -0,0 +1,2 @@
|
||||
# Legacy: RSA auf pve1, Kommentar irreführend „root@pve2“ — steht noch auf pve1 authorized_keys
|
||||
ssh-rsa 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 root@pve2
|
||||
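Review bot: The header documents that the `root@pve2` comment on this key is misleading, yet the key line keeps it, so the assembled files end up with two `ssh-rsa … root@pve2` entries that cannot be told apart by eye. Change the comment field on the key line itself to something that names it as the legacy pve1 key, and note the condition under which the fragment can be deleted. Deduplication works on field 2, so the rename is safe.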
Executable
+131
@@ -0,0 +1,131 @@
|
||||
#!/usr/bin/env bash
|
||||
# authorized_keys aus docu/shared/ssh deployen
|
||||
set -euo pipefail
|
||||
|
||||
DOCU_ROOT="${DOCU_ROOT:-/root/docu}"
|
||||
SSH_DIR="$DOCU_ROOT/shared/ssh"
|
||||
DRY_RUN=0
|
||||
TARGET=""
|
||||
DEST=""
|
||||
REMOTE=""
|
||||
CT_IDS=()
|
||||
|
||||
usage() {
|
||||
cat <<'EOF'
|
||||
Usage: install-authorized-keys.sh [options] <target>
|
||||
|
||||
Targets:
|
||||
proxmox-root → /root/.ssh/authorized_keys auf Proxmox-Hosts
|
||||
vm101-jean → jean@192.168.10.10 ~/.ssh/authorized_keys
|
||||
pve2-lxc-root → root in CTs auf pve2 (101 docker, 109 media, 110 aidev)
|
||||
|
||||
Options:
|
||||
--dest PATH Lokale Zieldatei (nur proxmox-root, default: /root/.ssh/authorized_keys)
|
||||
--remote USER@HOST Auf Remote-Host installieren (proxmox-root / vm101-jean)
|
||||
--ct VMID Nur einen CT (pve2-lxc-root, mehrfach möglich)
|
||||
--dry-run Nur anzeigen, nicht schreiben
|
||||
-h Hilfe
|
||||
|
||||
Beispiele:
|
||||
./install-authorized-keys.sh proxmox-root
|
||||
./install-authorized-keys.sh --remote root@192.168.10.5 proxmox-root
|
||||
./install-authorized-keys.sh vm101-jean
|
||||
./install-authorized-keys.sh pve2-lxc-root --ct 101
|
||||
EOF
|
||||
}
|
||||
|
||||
log() { printf '%s\n' "$*"; }
|
||||
|
||||
run() {
|
||||
if (( DRY_RUN )); then
|
||||
log "[dry-run] $*"
|
||||
else
|
||||
"$@"
|
||||
fi
|
||||
}
|
||||
|
||||
install_local_file() {
|
||||
local src="$1" dest="$2"
|
||||
run mkdir -p "$(dirname "$dest")"
|
||||
run chmod 700 "$(dirname "$dest")"
|
||||
if (( DRY_RUN )); then
|
||||
log "[dry-run] cp $src → $dest"
|
||||
head -3 "$src"
|
||||
log "… ($(wc -l <"$src") Zeilen)"
|
||||
else
|
||||
install -m 600 -o root -g root "$src" "$dest"
|
||||
log "Installiert: $dest ($(wc -l <"$dest") Keys)"
|
||||
fi
|
||||
}
|
||||
|
||||
install_remote() {
|
||||
local src="$1" remote="$2" dest="$3"
|
||||
if (( DRY_RUN )); then
|
||||
log "[dry-run] ssh $remote install -m 600 … ← $src"
|
||||
return
|
||||
fi
|
||||
ssh "$remote" "mkdir -p $(dirname "$dest") && chmod 700 $(dirname "$dest")"
|
||||
scp -q "$src" "$remote:/tmp/authorized_keys.new"
|
||||
ssh "$remote" "install -m 600 -o \$(id -un) -g \$(id -gn) /tmp/authorized_keys.new '$dest' && rm -f /tmp/authorized_keys.new"
|
||||
log "Installiert auf $remote:$dest"
|
||||
}
|
||||
|
||||
install_pve2_ct() {
|
||||
local src="$1" vmid="$2"
|
||||
if (( DRY_RUN )); then
|
||||
log "[dry-run] pct exec $vmid → /root/.ssh/authorized_keys"
|
||||
return
|
||||
fi
|
||||
pct exec "$vmid" -- mkdir -p /root/.ssh
|
||||
pct exec "$vmid" -- chmod 700 /root/.ssh
|
||||
pct push "$vmid" "$src" /root/.ssh/authorized_keys
|
||||
pct exec "$vmid" -- chmod 600 /root/.ssh/authorized_keys
|
||||
log "CT $vmid: /root/.ssh/authorized_keys ($(wc -l <"$src") Keys)"
|
||||
}
|
||||
|
||||
while [[ $# -gt 0 ]]; do
|
||||
case "$1" in
|
||||
--dest) DEST="$2"; shift 2 ;;
|
||||
--remote) REMOTE="$2"; shift 2 ;;
|
||||
--ct) CT_IDS+=("$2"); shift 2 ;;
|
||||
--dry-run) DRY_RUN=1; shift ;;
|
||||
-h|--help) usage; exit 0 ;;
|
||||
-*) echo "Unbekannte Option: $1" >&2; usage >&2; exit 1 ;;
|
||||
*) TARGET="$1"; shift ;;
|
||||
esac
|
||||
done
|
||||
|
||||
[[ -n "$TARGET" ]] || { usage >&2; exit 1; }
|
||||
[[ -d "$SSH_DIR/assembled" ]] || { echo "Fehlt: $SSH_DIR (git pull?)" >&2; exit 1; }
|
||||
|
||||
case "$TARGET" in
|
||||
proxmox-root)
|
||||
SRC="$SSH_DIR/assembled/proxmox-root.pub"
|
||||
DEST="${DEST:-/root/.ssh/authorized_keys}"
|
||||
if [[ -n "$REMOTE" ]]; then
|
||||
install_remote "$SRC" "$REMOTE" "$DEST"
|
||||
else
|
||||
install_local_file "$SRC" "$DEST"
|
||||
fi
|
||||
;;
|
||||
vm101-jean)
|
||||
SRC="$SSH_DIR/assembled/vm101-jean.pub"
|
||||
DEST="${DEST:-/home/jean/.ssh/authorized_keys}"
|
||||
REMOTE="${REMOTE:-jean@192.168.10.10}"
|
||||
install_remote "$SRC" "$REMOTE" "$DEST"
|
||||
;;
|
||||
pve2-lxc-root)
|
||||
SRC="$SSH_DIR/assembled/pve2-lxc-root.pub"
|
||||
if [[ ${#CT_IDS[@]} -eq 0 ]]; then
|
||||
CT_IDS=(101 109 110)
|
||||
fi
|
||||
for vmid in "${CT_IDS[@]}"; do
|
||||
install_pve2_ct "$SRC" "$vmid"
|
||||
done
|
||||
;;
|
||||
*)
|
||||
echo "Unbekanntes Target: $TARGET" >&2
|
||||
usage >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
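Review bot: In `install_remote` the upload goes to the fixed path `/tmp/authorized_keys.new` before `install` moves it into place; on a host with other local users, that predictable name in a world-writable directory can be pre-created or swapped between the `scp` and the `install`. Create the temporary file with `mktemp` on the remote side, or inside the 0700 `.ssh` directory, and pass that name on. In the same function `$(dirname "$dest")` is expanded unquoted into the remote command while `'$dest'` is quoted in the later call, so a `--dest` with spaces breaks only the first step. All three install paths also overwrite the live file without a backup or a sanity check; an empty or malformed assembled file would lock out key login, so validate the source first (for example with `ssh-keygen -l -f`) and keep the previous file.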
Executable
+38
@@ -0,0 +1,38 @@
|
||||
#!/usr/bin/env bash
|
||||
# Regeneriert assembled/*.pub aus fragments/ (Dedupe nach Key-Material, Feld 2)
|
||||
set -euo pipefail
|
||||
ROOT="$(cd "$(dirname "$0")" && pwd)"
|
||||
FRAG="$ROOT/fragments"
|
||||
ASM="$ROOT/assembled"
|
||||
|
||||
dedupe() { awk '!seen[$2]++'; }
|
||||
|
||||
mkdir -p "$ASM"
|
||||
|
||||
build() {
|
||||
local out="$1"; shift
|
||||
{ for f in "$@"; do cat "$f"; done; } | grep -v '^#' | grep -v '^$' | dedupe > "$ASM/$out"
|
||||
}
|
||||
|
||||
build proxmox-root.pub \
|
||||
"$FRAG/admin-workstations.pub" \
|
||||
"$FRAG/host-pve1.pub" \
|
||||
"$FRAG/host-pve2.pub" \
|
||||
"$FRAG/legacy-pve1-rsa.pub"
|
||||
|
||||
build vm101-jean.pub \
|
||||
"$FRAG/admin-workstations.pub" \
|
||||
"$FRAG/admin-laptops-extra.pub" \
|
||||
"$FRAG/admin-mobile.pub" \
|
||||
"$FRAG/host-pve1.pub"
|
||||
|
||||
build pve2-lxc-root.pub \
|
||||
"$FRAG/admin-workstations.pub" \
|
||||
"$FRAG/host-pve2.pub" \
|
||||
"$FRAG/admin-laptops-extra.pub" \
|
||||
"$FRAG/admin-mobile.pub"
|
||||
|
||||
build authorized_keys.all.pub \
|
||||
"$FRAG"/*.pub
|
||||
|
||||
echo "OK: $(wc -l "$ASM"/*.pub | tail -1)"
|
||||
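Review bot: `dedupe() { awk '!seen[$2]++'; }` assumes the key material is always field 2. As soon as a fragment line carries an options prefix such as `from="…"` or `restrict`, field 2 becomes the key type and every further key of that type is silently dropped from the assembled set. Either pick the base64 field that follows the key type, or state that option prefixes are not allowed and fail the build when a line does not start with a key type. `build` also redirects straight into `"$ASM/$out"`, so a pipeline that fails under `set -euo pipefail` leaves a truncated file behind; write to a temporary file and `mv` it into place on success.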