Ansible_workstation/tasks/ssh.yml

---
# - name: Copy sshd_config
#   template:
#     src: files/sshd_config
#     dest: /etc/ssh/sshd_config

- name: Disable empty password login
  lineinfile: 
    dest: /etc/ssh/sshd_config
    regexp: "^#?PermitEmptyPasswords"
    line: "PermitEmptyPasswords no"
    backrefs: yes
  tags:
    - first_deployement

- name: Disable remote root login
  lineinfile: 
    dest: /etc/ssh/sshd_config 
    regexp: "^#?PermitRootLogin" 
    line: "PermitRootLogin no"
    backrefs: yes
  tags:
    - first_deployement

- name: Add public key for deploy user
  authorized_key: 
    user: "{{ item.username }}" 
    key: "{{ lookup('file', 'sshpubs/' + deploy_public_key) }}"
    state: present
  with_items: "{{ deploy_users }}"
  register: add_identity_key
  tags:
    - first_deployement

- name: Disable password login
  lineinfile: 
    dest: /etc/ssh/sshd_config
    regexp: "^#?PasswordAuthentication" 
    line: "PasswordAuthentication no"
    backrefs: yes
  when: add_identity_key is succeeded and not add_identity_key is skipped
  notify: restart sshd
  tags:
    - first_deployement

- name: Enable SSH daemon (not Debian)
  service: 
    name: sshd
    state: started
    enabled: yes
  tags:
    - first_deployement
  when: ansible_distribution != 'Debian'

- name: Enable SSH daemon (Debian)
  service: 
    name: ssh
    state: started
    enabled: yes
  when: ansible_distribution == 'Debian'
Start configure sshd 2018-08-24 08:00:59 +00:00			`---`
Still play with vars precedence and try backrefs for lineinfile 2018-08-24 09:22:07 +00:00			`# - name: Copy sshd_config`
			`# template:`
			`# src: files/sshd_config`
			`# dest: /etc/ssh/sshd_config`
editing sshd and add public keys 2018-08-24 09:00:52 +00:00
			`- name: Disable empty password login`
			`lineinfile:`
			`dest: /etc/ssh/sshd_config`
			`regexp: "^#?PermitEmptyPasswords"`
			`line: "PermitEmptyPasswords no"`
Still play with vars precedence and try backrefs for lineinfile 2018-08-24 09:22:07 +00:00			`backrefs: yes`
Feat(choux): add first_deployement tag 2018-11-07 09:57:55 +00:00			`tags:`
			`- first_deployement`
editing sshd and add public keys 2018-08-24 09:00:52 +00:00
			`- name: Disable remote root login`
			`lineinfile:`
			`dest: /etc/ssh/sshd_config`
			`regexp: "^#?PermitRootLogin"`
			`line: "PermitRootLogin no"`
Still play with vars precedence and try backrefs for lineinfile 2018-08-24 09:22:07 +00:00			`backrefs: yes`
Feat(choux): add first_deployement tag 2018-11-07 09:57:55 +00:00			`tags:`
			`- first_deployement`
editing sshd and add public keys 2018-08-24 09:00:52 +00:00
			`- name: Add public key for deploy user`
			`authorized_key:`
public keys 2018-08-24 08:59:13 +00:00			`user: "{{ item.username }}"`
Feat(Songe): mod ssh connectin policy between every body 2018-12-11 17:40:49 +00:00			`key: "{{ lookup('file', 'sshpubs/' + deploy_public_key) }}"`
Try to fix sshd 2018-08-24 09:14:48 +00:00			`state: present`
public keys 2018-08-24 08:59:13 +00:00			`with_items: "{{ deploy_users }}"`
editing sshd and add public keys 2018-08-24 09:00:52 +00:00			`register: add_identity_key`
Feat(choux): add first_deployement tag 2018-11-07 09:57:55 +00:00			`tags:`
			`- first_deployement`
editing sshd and add public keys 2018-08-24 09:00:52 +00:00
			`- name: Disable password login`
			`lineinfile:`
			`dest: /etc/ssh/sshd_config`
			`regexp: "^#?PasswordAuthentication"`
			`line: "PasswordAuthentication no"`
Still play with vars precedence and try backrefs for lineinfile 2018-08-24 09:22:07 +00:00			`backrefs: yes`
nop.. try succeeded 2018-08-25 13:15:17 +00:00			`when: add_identity_key is succeeded and not add_identity_key is skipped`
Config sshd 2018-08-24 08:13:15 +00:00			`notify: restart sshd`
Feat(choux): add first_deployement tag 2018-11-07 09:57:55 +00:00			`tags:`
			`- first_deployement`
Config sshd 2018-08-24 08:13:15 +00:00
feat(ssh): ssh daemon name 2019-02-06 19:18:37 +00:00			`- name: Enable SSH daemon (not Debian)`
Config sshd 2018-08-24 08:13:15 +00:00			`service:`
			`name: sshd`
			`state: started`
			`enabled: yes`
Feat(choux): add first_deployement tag 2018-11-07 09:57:55 +00:00			`tags:`
			`- first_deployement`
feat(ssh): ssh daemon name 2019-02-06 19:18:37 +00:00			`when: ansible_distribution != 'Debian'`
Add sshd handlers 2018-08-24 08:17:21 +00:00
feat(ssh): ssh daemon name 2019-02-06 19:18:37 +00:00			`- name: Enable SSH daemon (Debian)`
			`service:`
			`name: ssh`
			`state: started`
			`enabled: yes`
			`when: ansible_distribution == 'Debian'`