Add SSH key/password generation for this role
We generate an SSH key and password and then expose it in the role output. This is needed so we can bootstrap the machine with a root user account with which we have connection details for. We can then use that output to run the ssh-user-mgmt
role to get our standard Aptivate accounts there.
Over in https://git.coop/aptivate/ansible-roles/ssh-hardening/blob/master/tasks/main.yml#L26-34, we disable root SSH access. Also, the root password and key are effectively thrown away in the temporary directory from this change, so no one has access after it runs. That's fine because we still have the Lish console access. So, root, in practice, will be fairly locked down.