editing sshd and add public keys

2018-08-24 11:00:52 +02:00
parent 90c34c513a
commit 85839d2385
6 changed files with 33 additions and 4 deletions
--- a/tasks/ssh.yml
+++ b/tasks/ssh.yml
@@ -3,6 +3,31 @@
  template:
    src: files/sshd_config
    dest: /etc/ssh/sshd_config
+
+- name: Disable empty password login
+  lineinfile: 
+    dest: /etc/ssh/sshd_config
+    regexp: "^#?PermitEmptyPasswords"
+    line: "PermitEmptyPasswords no"
+
+- name: Disable remote root login
+  lineinfile: 
+    dest: /etc/ssh/sshd_config 
+    regexp: "^#?PermitRootLogin" 
+    line: "PermitRootLogin no"
+
+- name: Add public key for deploy user
+  authorized_key: 
+    user: "{{ deploy_user.username }}" 
+    key: "{{ deploy_public_key }}"
+  register: add_identity_key
+
+- name: Disable password login
+  lineinfile: 
+    dest: /etc/ssh/sshd_config
+    regexp: "^#?PasswordAuthentication" 
+    line: "PasswordAuthentication no"
+  when: add_identity_key|success and not add_identity_key|skipped
  notify: restart sshd

 - name: Enable SSH daemon