Ansible_workstation/tasks/ssh.yml

45 lines
1.0 KiB
YAML
Raw Normal View History

2018-08-24 08:00:59 +00:00
---
2018-08-24 08:04:57 +00:00
- name: Copy sshd_config
2018-08-24 08:00:59 +00:00
template:
src: files/sshd_config
dest: /etc/ssh/sshd_config
2018-08-24 09:00:52 +00:00
- name: Disable empty password login
lineinfile:
dest: /etc/ssh/sshd_config
regexp: "^#?PermitEmptyPasswords"
line: "PermitEmptyPasswords no"
- name: Disable remote root login
lineinfile:
dest: /etc/ssh/sshd_config
regexp: "^#?PermitRootLogin"
line: "PermitRootLogin no"
2018-08-24 09:14:48 +00:00
- name: debug
debug:
msg: "{{ deploy_public_key }}"
2018-08-24 09:00:52 +00:00
- name: Add public key for deploy user
authorized_key:
2018-08-24 08:59:13 +00:00
user: "{{ item.username }}"
2018-08-24 09:01:11 +00:00
key: "{{ lookup('file', deploy_public_key) }}"
2018-08-24 09:14:48 +00:00
state: present
2018-08-24 08:59:13 +00:00
with_items: "{{ deploy_users }}"
2018-08-24 09:00:52 +00:00
register: add_identity_key
- name: Disable password login
lineinfile:
dest: /etc/ssh/sshd_config
regexp: "^#?PasswordAuthentication"
line: "PasswordAuthentication no"
2018-08-24 09:14:48 +00:00
when: add_identity_key is success and not add_identity_key is skipped
2018-08-24 08:13:15 +00:00
notify: restart sshd
- name: Enable SSH daemon
service:
name: sshd
state: started
enabled: yes
2018-08-24 08:17:21 +00:00