diff --git a/files/sshd_config b/files/sshd_config index 102cfe6..90a07b4 100644 --- a/files/sshd_config +++ b/files/sshd_config @@ -30,6 +30,7 @@ #LoginGraceTime 2m #PermitRootLogin prohibit-password +PermitRootLogin no #StrictModes yes #MaxAuthTries 6 #MaxSessions 10 @@ -54,7 +55,7 @@ AuthorizedKeysFile .ssh/authorized_keys #IgnoreRhosts yes # To disable tunneled clear text passwords, change to no here! -#PasswordAuthentication yes +PasswordAuthentication no #PermitEmptyPasswords no # Change to no to disable s/key passwords @@ -116,4 +117,4 @@ Subsystem sftp /usr/lib/ssh/sftp-server # PermitTTY no # ForceCommand cvs server -AllowUser {% for user in me %} {{ user.username }} {% endfor %} +AllowUser {% for user in me %}{{ user.username }}{% endfor %} diff --git a/tasks/ssh.yml b/tasks/ssh.yml index e18dfb7..fc223c3 100644 --- a/tasks/ssh.yml +++ b/tasks/ssh.yml @@ -3,3 +3,10 @@ template: src: files/sshd_config dest: /etc/ssh/sshd_config + notify: restart sshd + +- name: Enable SSH daemon + service: + name: sshd + state: started + enabled: yes