Adding option for secondary user to receive public keys

README.md

@@ -29,6 +29,7 @@ If the "base_core_hostname" variable is defined, it is recommended to set the an
 | base_core_root_ca_url                        | ""            |             | URL of a Root CA to install                                                |
 | base_core_ssh_permit_password_authentication | False         | True, False | Permits the use of passwords for ssh                                       |
 | base_core_ssh_permit_root_login              | False         | True, False | Permits the use of root logins for ssh                                     |
+| base_core_ssh_public_keys_user               | ""            |             | Added the public keys to an additional user if defined                     |
 | base_core_timezone                           | America/Boise |             | Defines the timezone to apply to the client                                |
 | base_core_web_management                     | False         | True, False | Enables installation of the Cockpit web management package(s)              |
 

roles/base/defaults/main.yml

@@ -53,6 +53,9 @@ base_core_root_ca_url: ""
 # SSH
 # ===
 
+# Added the public keys to an additional user if defined
+base_core_ssh_public_keys_user: ""
+
 # Allow ssh root login
 base_core_ssh_permit_root_login: false
 

roles/base/tasks/core_ssh.yml

@@ -28,6 +28,17 @@
   tags:
   - authorized_key
 
+- name: Setup authorized keys for secondary user
+  authorized_key:
+    user: "{{ base_core_ssh_public_keys_user }}"
+    state: present
+    key: '{{ lookup("file", item) }}'
+  with_fileglob:
+    - "public_keys/*"
+  when: base_core_ssh_public_keys_user != ""
+  tags:
+  - authorized_key
+
 - name: Configure SSH root login
   lineinfile:
     path: /etc/ssh/sshd_config