Some automation steps to run after a Linux machine is installed. The tasks are too light for Ansible or equivalents, and cloud-init is not possible in all situations.
The first focus is Ubuntu 22.04. Some requirements from the past are now integrated into the setup, such as:
- Root password disabled
- Create a work user with password-enabled sudo
- Have a '.ssh' (700) folder and within that an empty 'authorized_keys' (600) file.
- Have aliases like 'll' active.
- Have byobu installed
So what's left is:
- Fill ~/.ssh/authorized_keys with at least two FIDO2 backed public ssh keys. These keys are derived from FIDO2 backed, hardware dependent private ssh keys. At least two, in case a hardware key is lost or broken.
- Get the right 'tmux.conf' in ~/.byobu.
- Configure sshd (at least version 8.2 for FIDO2 support) to:
  - No longer accept passwords, only PubkeyAuthentication.
  - Accept only ed25519 keys, both for the host and for connecting clients.
[this list and that of supported operating systems may grow]
//Serge
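
A sketch of the two remaining ssh steps, added here as an example and not taken from the scripts these notes describe: `sshd_dropin` prints a config fragment for the sshd settings listed above, and `audit_authorized_keys` checks that a file holds at least two FIDO2-backed ed25519 keys and nothing else. The function names, the choice to accept only `sk-ssh-ed25519@openssh.com` client keys, and the placeholder key blobs are assumptions.

```shell
#!/bin/sh
# Added example; function names and key blobs below are assumptions/placeholders.

# Print an sshd drop-in (keyword names as in the OpenSSH 8.9 of Ubuntu 22.04).
sshd_dropin() {
cat <<'EOF'
# Public-key logins only, no password or keyboard-interactive fallback
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
AuthenticationMethods publickey
# Host side: offer only the ed25519 host key
HostKey /etc/ssh/ssh_host_ed25519_key
HostKeyAlgorithms ssh-ed25519
# Client side: FIDO2-backed ed25519 only (assumption: no plain ssh-ed25519 keys)
PubkeyAcceptedAlgorithms sk-ssh-ed25519@openssh.com
EOF
}

# Report FIDO2-backed and other keys in an authorized_keys file.
# Returns 0 only with >= 2 FIDO2 keys (one spare token) and no other key types.
# The key type is searched in every field because options may precede it.
audit_authorized_keys() {
  awk -v want="sk-ssh-ed25519@openssh.com" '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    { hit = 0
      for (i = 1; i <= NF; i++) if ($i == want) hit = 1
      if (hit) fido++; else other++ }
    END { printf "fido2=%d other=%d\n", fido, other
          exit !(fido >= 2 && other == 0) }' "$1"
}

# Demo on a constructed authorized_keys file (placeholder blobs, not real keys).
demo=$(mktemp)
printf '%s\n' \
  '# work user' \
  'sk-ssh-ed25519@openssh.com AAAA-PLACEHOLDER-1 primary-token' \
  'sk-ssh-ed25519@openssh.com AAAA-PLACEHOLDER-2 backup-token' > "$demo"
audit_authorized_keys "$demo" && sshd_dropin
rm -f "$demo"
```

Write the fragment to a file under /etc/ssh/sshd_config.d/ that sorts before any other drop-in, since sshd keeps the first value it reads for each keyword, and validate with `sshd -t` before reloading the service.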