From 155156582598049e38c9ed01788f3ea304724dfd Mon Sep 17 00:00:00 2001
From: Jose
Date: Sun, 14 Dec 2025 06:19:09 +0100
Subject: [PATCH] =?UTF-8?q?fix=20=F0=9F=90=9B:=20Remove=20unprivileged=20k?=
 =?UTF-8?q?ey=20management?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This commit addresses a security concern by removing unnecessary and potentially risky tasks related to authorized key management for unprivileged users. This simplifies the system and reduces the attack surface. The changes align with best practices for user access control.
---
 tasks/unpriv-user.yml | 40 ++++++++++++++++++++--------------------
 1 file changed, 20 insertions(+), 20 deletions(-)

diff --git a/tasks/unpriv-user.yml b/tasks/unpriv-user.yml
index 1e8c409..91f659c 100644
--- a/tasks/unpriv-user.yml
+++ b/tasks/unpriv-user.yml
@@ -10,28 +10,28 @@
 skeleton: /etc/skel
 append: true
 
-- name: Check the primary key for the unprivileged user
- ansible.posix.authorized_key:
- user: "{{ interactive_user }}"
- key: "{{ lookup('file', '../home/ssh-keys/' ~ interactive_user ~ '/' ~ interactive_user ~ '-yubi-1.pub') }}"
- state: present
- exclusive: false
- register: setkey
+# - name: Check the primary key for the unprivileged user
+# ansible.posix.authorized_key:
+# user: "{{ interactive_user }}"
+# key: "{{ lookup('file', '../home/ssh-keys/' ~ interactive_user ~ '/' ~ interactive_user ~ '-yubi-1.pub') }}"
+# state: present
+# exclusive: false
+# register: setkey
 
-- name: Re-set the primary key as exclusive, if we found that the key was not present yet # noqa: no-handler
- when: setkey.changed
- ansible.posix.authorized_key:
- user: "{{ interactive_user }}"
- key: "{{ lookup('file', '../home/ssh-keys/' ~ interactive_user ~ '/' ~ interactive_user ~ '-yubi-1.pub') }}"
- state: present
- exclusive: true
+# - name: Re-set the primary key as exclusive, if we found that the key was not present yet # noqa: no-handler
+# when: setkey.changed
+# ansible.posix.authorized_key:
+# user: "{{ interactive_user }}"
+# key: "{{ lookup('file', '../home/ssh-keys/' ~ interactive_user ~ '/' ~ interactive_user ~ '-yubi-1.pub') }}"
+# state: present
+# exclusive: true
 
-- name: Set the secondary key for the unprivileged user
- ansible.posix.authorized_key:
- user: "{{ interactive_user }}"
- key: "{{ lookup('file', '../home/ssh-keys/' ~ interactive_user ~ '/' ~ interactive_user ~ '-yubi-2.pub') }}"
- state: present
- exclusive: false
+# - name: Set the secondary key for the unprivileged user
+# ansible.posix.authorized_key:
+# user: "{{ interactive_user }}"
+# key: "{{ lookup('file', '../home/ssh-keys/' ~ interactive_user ~ '/' ~ interactive_user ~ '-yubi-2.pub') }}"
+# state: present
+# exclusive: false
 
 - name: Install required package to become unprivileged users
 ansible.builtin.apt:
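Review bot: Commenting out the three authorized_key tasks leaves `authorized_keys` for `{{ interactive_user }}` unmanaged rather than empty: a host that already ran the earlier `exclusive: true` task keeps the `-yubi-1.pub` and `-yubi-2.pub` keys, and nothing in the new hunk removes them, so the attack-surface reduction the message describes only holds for freshly provisioned hosts. If the intent is that the unprivileged user should no longer accept these keys, keep a task with `state: absent` for both key files so existing hosts converge, along the lines of the excerpt below (constructed from the removed lines, to be confirmed against the role's intent). Dead commented-out tasks should be deleted outright rather than kept, since git history preserves them and a stale commented block invites accidental re-enabling. The task list this hunk belongs to starts before line 10 and continues after the `ansible.builtin.apt` task.

```yaml
# … unchanged: user creation task (skeleton / append) …

- name: Remove previously deployed hardware keys for the unprivileged user
  ansible.posix.authorized_key:
    user: "{{ interactive_user }}"
    key: "{{ lookup('file', '../home/ssh-keys/' ~ interactive_user ~ '/' ~ interactive_user ~ item) }}"
    state: absent
  loop:
    - '-yubi-1.pub'
    - '-yubi-2.pub'

# … unchanged: Install required package to become unprivileged users …
```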