---
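# Install the managed sshd_config from files/sshd_config.
# The lineinfile tasks that follow edit this same file, so each setting they
# touch is rewritten on every run. NOTE(review): the template content is not
# shown here; consider putting those settings in the template so one task
# owns the file. Owner, group and mode are not set by this task.
- name: Copy sshd_config
  template:
    src: files/sshd_config
    dest: /etc/ssh/sshd_config
    # Refuse to install a file sshd cannot parse, so a broken config never
    # reaches the restart handler and cuts off remote access.
    validate: '/usr/sbin/sshd -t -f %s'
  # Same handler the password-login task notifies; without it a changed
  # file stays on disk but is not picked up by the running daemon.
  notify: restart sshd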
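# Forbid logins for accounts that have an empty password.
# NOTE(review): lineinfile rewrites only the last line matching regexp, while
# sshd uses the first value it reads for a keyword. If the file can contain
# this directive more than once, confirm the effective value with `sshd -T`.
- name: Disable empty password login
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: '^#?PermitEmptyPasswords'
    line: 'PermitEmptyPasswords no'
    # Check the edited file before it replaces the live one.
    validate: '/usr/sbin/sshd -t -f %s'
  # Without a restart the hardened value is only on disk, not in effect.
  notify: restart sshd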
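# Forbid direct SSH logins as root.
# NOTE(review): when no line matches regexp, lineinfile appends at end of
# file. If the template ends with a Match block, the appended directive
# would apply only inside that block; verify against files/sshd_config.
- name: Disable remote root login
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: '^#?PermitRootLogin'
    line: 'PermitRootLogin no'
    # Check the edited file before it replaces the live one.
    validate: '/usr/sbin/sshd -t -f %s'
  # Without a restart the running daemon keeps its previous root-login policy.
  notify: restart sshd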
# Print the value of deploy_public_key, which the next task passes to the
# file lookup. NOTE(review): looks like a leftover troubleshooting aid;
# confirm whether it should stay in the role.
- name: debug
  debug:
    msg: '{{ deploy_public_key }}'
# Install the deploy public key for every entry in deploy_users.
# The result is registered so the password-login task can check that a key
# was really added before password authentication is switched off.
- name: Add public key for deploy user
  authorized_key:
    state: present
    user: '{{ item.username }}'
    # The file lookup reads the key from the path held in deploy_public_key.
    key: "{{ lookup('file', deploy_public_key) }}"
  register: add_identity_key
  with_items: '{{ deploy_users }}'
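# Turn off password authentication, leaving key-based login only.
# NOTE(review): keyboard-interactive authentication through PAM can still
# prompt for a password when this is set to no; check the related directives
# in files/sshd_config (not shown here).
- name: Disable password login
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: '^#?PasswordAuthentication'
    line: 'PasswordAuthentication no'
    # Check the edited file before it replaces the live one.
    validate: '/usr/sbin/sshd -t -f %s'
  # Lock-out guard: run only if the key task succeeded and was not skipped,
  # so passwords are never disabled on a host where no key was installed.
  when: add_identity_key is success and not add_identity_key is skipped
  notify: restart sshd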
# Make sure the SSH daemon is running now and is enabled at boot.
# NOTE(review): the service is named `ssh` on Debian-family systems; confirm
# that `sshd` resolves on every target host.
- name: Enable SSH daemon
  service:
    name: sshd
    enabled: true
    state: started