From fa19dc5992fedc8d184ab8c504a66d8ab199b6d5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Reynir=20Bj=C3=B6rnsson?=
Date: Fri, 18 Dec 2020 13:59:30 +0100
Subject: [PATCH] Add public key pinning in authorized-keys command
---
 ansible/tasks/userdb/templates/usr/local/bin/authorized-keys.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ansible/tasks/userdb/templates/usr/local/bin/authorized-keys.j2 b/ansible/tasks/userdb/templates/usr/local/bin/authorized-keys.j2
index 1f9b6c2..e9ee3d5 100755
--- a/ansible/tasks/userdb/templates/usr/local/bin/authorized-keys.j2
+++ b/ansible/tasks/userdb/templates/usr/local/bin/authorized-keys.j2
@@ -1,6 +1,6 @@
 #!/bin/sh
 user="$(id -u "$1")"
-curl -s "{{ userdb_apidomain }}/v1/ssh_public_key?uid=eq.$user&select=type,key" \
+curl --pinnedpubkey "QUfPGxRcqlRoehidvMEsF/R1Ee1MXkb3Sxw+MNTARdY=" -s "{{ userdb_apidomain }}/v1/ssh_public_key?uid=eq.$user&select=type,key" \
 | jq -r 'map(.type + " " + .key) | .[]'
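Review bot: The value passed to `--pinnedpubkey` on the added curl line has no `sha256//` prefix, and curl documents that a value without that prefix is read as a path to a PEM/DER public-key file rather than as a hash. As written, curl would most likely fail to load the "file" and abort every request, so the command returns no keys and key-based logins through it are refused. The line should read `curl --pinnedpubkey "sha256//QUfPGxRcqlRoehidvMEsF/R1Ee1MXkb3Sxw+MNTARdY=" -s ...`. Pinning only takes effect when `userdb_apidomain` renders to an `https://` URL, which is not visible in this hunk and is worth confirming. The pin is also hard-coded in the template, so a server key rotation locks users out until every host is redeployed; consider a template variable next to `userdb_apidomain` that carries a second, backup pin separated by `;`, and `-sS` so a pin mismatch is logged rather than silent.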