--- - hosts: - servers - desktops - laptops remote_user: root roles: - name: root_user - name: users - hosts: desktops:laptops remote_user: root tasks: - fetch: src: /etc/ssh/ssh_host_ed25519_key.pub dest: host_files/{{ inventory_hostname }} - name: /etc/ssh/ssh_config template: src: ssh_config.j2 dest: /etc/ssh/ssh_config - name: /etc/ssh/ssh_known_hosts template: src: ssh_known_hosts.j2 dest: /etc/ssh/ssh_known_hosts mode: 'u=rw,g=r,o=r' - hosts: - servers - desktops - laptops remote_user: root tasks: - name: fetch ssh public keys fetch: src: /home/{{item}}/.ssh/id_ed25519.pub dest: host_files fail_on_missing: yes loop: "{{ users.keys() | list }}" - name: delete ssh known hosts user files shell: rm /home/*/.ssh/known_hosts failed_when: false - hosts: - servers remote_user: root tasks: - name: read ssh public keys local_action: command fish -c 'cat host_files/*/home/{{item}}/.ssh/id_ed25519.pub' loop: "{{ users.keys() | list }}" register: _ssh_public_keys - name: authorize ssh public keys copy: content: "{{ _ssh_public_keys | json_query(\"results[?item=='\"+item+\"'].stdout\") | join(\"\n\") }}" dest: /home/{{item}}/.ssh/authorized_keys loop: "{{ users.keys() | list }}"