36 lines
981 B
YAML
36 lines
981 B
YAML
|
---
|
||
|
|
# tasks file for core
|
||
|
|
- name: Install os-specific packages
|
||
|
|
include_tasks: "{{ ansible_os_family | lower }}.yml"
|
||
|
|
|
||
|
|
- name: Add identity key to authorized keys on host
|
||
|
|
authorized_key:
|
||
|
|
user: "{{ ssh_target_user }}"
|
||
|
|
key: "{{ ssh_publickey }}"
|
||
|
|
register: add_identity_key
|
||
|
|
when: ssh_target_user is defined and ssh_publickey is defined
|
||
|
|
|
||
|
|
- name: Disable empty password login
|
||
|
|
lineinfile:
|
||
|
|
dest: "{{ sshd_configfilename }}"
|
||
|
|
regexp: '^#?PermitEmptyPasswords'
|
||
|
|
line: 'PermitEmptyPasswords no'
|
||
|
|
notify: restart sshd
|
||
|
|
|
||
|
|
- name: Disable remote root login
|
||
|
|
lineinfile:
|
||
|
|
dest: "{{ sshd_configfilename }}"
|
||
|
|
regexp: '^#?PermitRootLogin'
|
||
|
|
line: 'PermitRootLogin no'
|
||
|
|
notify: restart sshd
|
||
|
|
|
||
|
|
- name: Disable password login
|
||
|
|
lineinfile:
|
||
|
|
dest: "{{ sshd_configfilename }}"
|
||
|
|
regexp: '^(#\s*)?PasswordAuthentication '
|
||
|
|
line: 'PasswordAuthentication no'
|
||
|
|
when:
|
||
|
|
- add_identity_key is succeeded
|
||
|
|
- not add_identity_key is skipped
|
||
|
|
notify: restart sshd
|