From 7b61edf307cbad46e359a5894d6e8a680d882401 Mon Sep 17 00:00:00 2001
From: Mickael Asseline <mickael@papamica.com>
Date: Thu, 8 Jul 2021 17:36:08 +0000
Subject: [PATCH] docs: update Configuration/Ansible/Installation

---
 Configuration/Ansible/Installation.md | 89 ++++++++++++++++++++++++++-
 1 file changed, 88 insertions(+), 1 deletion(-)

diff --git a/Configuration/Ansible/Installation.md b/Configuration/Ansible/Installation.md
index 3f8a1ad..88faec3 100644
--- a/Configuration/Ansible/Installation.md
+++ b/Configuration/Ansible/Installation.md
@@ -2,7 +2,7 @@
 title: Ansible - Installation et configuration
 description: Mettre en place Ansible dans son environnement
 published: true
-date: 2021-07-08T17:18:58.350Z
+date: 2021-07-08T17:36:05.922Z
 tags: ansible, configuration
 editor: markdown
 dateCreated: 2021-07-08T17:18:58.350Z
@@ -83,3 +83,90 @@ ou installation (raw ne dépend pas de python côté client)
 ansible myhost --become -m raw -a "yum install -y python2"
 ``` 
 Doc : https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html#ansible-python-interpreter
+
+# Configuration SSH
+
+<div class="video-responsive">
+<iframe width="560" height="315" src="https://www.youtube.com/embed/dpDQ94huxmI" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
+    </div>
+
+## Principes clefs
+* clef privée
+* clef privée
+* type de clef / algorithme (rsa, dsa, ecdsa)
+* longeur de clef (dépend de l'algo ecdsa 521)
+
+## Gestion d'une clef SSH
+
+### Génération via ssh-keygen
+```bash
+ssh-keygen -t ecdsa -b 521
+```
+
+Spécifier la localisation de sortie
+```bash
+ssh-keygen -t ecdsa -b 521 -f /myhome/.ssh/maclefprivee
+```
+
+> Configurez une passphrase sinon une clef ssh est plus dangereuse qu'un password
+{.is-warning}
+
+### Ajout de votre clef publique sur le host distant
+```bash
+vim /home/user/.ssh/authorized_keys
+```
+Ou via ssh-copy-id
+```bash
+ssh-copy-id -i /myhome/.ssh/maclefprivee xavki@monhost
+``` 
+
+Remarque : specific pour une ip
+```bash
+from="10.0.0.?,*.example.com",no-X11-forwarding ssh-rsa AB3Nz...EN8w== xavki@monhost
+```
+
+
+### Utilisation de la clef
+```bash
+ssh -i /localisation/clef/privee xavki@monhost
+```
+
+Ou plus facilement par un agent ssh (embarque votre configuration ssh)
+
+Check si un agent tourne
+```bash
+ps -p $SSH_AGENT_PID
+```
+Lancement d'un agent ssh
+```bash
+eval `ssh-agent`
+```
+Ajout de la clef à l'agent
+```bash
+ssh-add
+```
+Check de la clef de l'agent
+```bash
+ssh-add -l
+```
+
+Exemple :
+```bash
+touch ~/.ssh/config
+chmod 600 ~/.ssh/config
+cat ~/.ssh/config
+
+Host * !monhost*
+    User vagrant
+    Port 22
+    IdentityFile /myhome/.ssh/maclefprivee
+    LogLevel INFO
+    Compression yes
+    ForwardAgent yes
+    ForwardX11 yes
+```
+
+Astuce pour bypasser la conf
+```bash
+ssh -F /dev/null xavki@monhost
+```
\ No newline at end of file