editing sshd and add public keys
parent
90c34c513a
commit
85839d2385
@ -5,6 +5,9 @@
|
||||
vars_files:
|
||||
- vars/common.yml
|
||||
|
||||
vars:
|
||||
- deploy_public_key: files/id_ed25519_home.pub
|
||||
|
||||
tasks:
|
||||
- include: tasks/arch_CLI_packages.yml
|
||||
- include: tasks/zsh.yml
|
||||
|
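Review bot: `deploy_public_key` ends up defined twice: here under the play's `vars:` as `files/id_ed25519_home.pub`, and in what appears to be `vars/common.yml` (last section of this commit) as `files/id_ed25519_embrevade.pub`. In Ansible's precedence order play `vars_files` outrank play `vars`, so if that file is the one loaded two lines above, the value added here is silently overridden and the embrevade key is the one installed. Define the variable in one place, or put the per-playbook override somewhere that outranks `vars_files`, such as host vars or `-e`. `vars:` is also written as a list; the mapping form (`vars:` followed by an indented `deploy_public_key: ...`) is the documented one. The play starts and continues outside the hunk.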
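--- a/files/id_ed25519_embrevade.pub
+++ b/files/id_ed25519_embrevade.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJUqG2jXhu8S4LIeaMCzXhR27TU85OJZzQF1Qmi21VL2 lafrite@Poivre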
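--- a/files/id_ed25519_home.pub
+++ b/files/id_ed25519_home.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFdDO8452/DpTR8taSKa/i+rgAvrYP9Fv9hYLMuphHQ+ lafrite@Poivre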
@ -30,7 +30,6 @@
|
||||
|
||||
#LoginGraceTime 2m
|
||||
#PermitRootLogin prohibit-password
|
||||
PermitRootLogin no
|
||||
#StrictModes yes
|
||||
#MaxAuthTries 6
|
||||
#MaxSessions 10
|
||||
@ -55,7 +54,7 @@ AuthorizedKeysFile .ssh/authorized_keys
|
||||
#IgnoreRhosts yes
|
||||
|
||||
# To disable tunneled clear text passwords, change to no here!
|
||||
PasswordAuthentication no
|
||||
#PasswordAuthentication yes
|
||||
#PermitEmptyPasswords no
|
||||
|
||||
# Change to no to disable s/key passwords
|
||||
@ -116,5 +115,3 @@ Subsystem sftp /usr/lib/ssh/sftp-server
|
||||
# AllowTcpForwarding no
|
||||
# PermitTTY no
|
||||
# ForceCommand cvs server
|
||||
|
||||
AllowUser {% for user in me %}{{ user.username }}{% endfor %}
|
||||
|
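Review bot: The file the `template` task installs is now the permissive one: going by the hunk line counts, `PermitRootLogin no` and `PasswordAuthentication no` are no longer in the template, so the hardening exists only after the later `lineinfile` tasks have rewritten the deployed copy. If a run stops in between, for instance because the key task fails, `/etc/ssh/sshd_config` is left with root login at the `prohibit-password` default and password authentication at its default of enabled, and any restart of sshd would load that. Because the template is re-applied on every run and then edited again, the play also reports changes each time. Keeping the unconditional settings (`PermitRootLogin no`, `PermitEmptyPasswords no`) in the template and making only the password line conditional through a template variable would close that window.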
@ -3,6 +3,31 @@
|
||||
template:
|
||||
src: files/sshd_config
|
||||
dest: /etc/ssh/sshd_config
|
||||
|
||||
- name: Disable empty password login
|
||||
lineinfile:
|
||||
dest: /etc/ssh/sshd_config
|
||||
regexp: "^#?PermitEmptyPasswords"
|
||||
line: "PermitEmptyPasswords no"
|
||||
|
||||
- name: Disable remote root login
|
||||
lineinfile:
|
||||
dest: /etc/ssh/sshd_config
|
||||
regexp: "^#?PermitRootLogin"
|
||||
line: "PermitRootLogin no"
|
||||
|
||||
- name: Add public key for deploy user
|
||||
authorized_key:
|
||||
user: "{{ deploy_user.username }}"
|
||||
key: "{{ deploy_public_key }}"
|
||||
register: add_identity_key
|
||||
|
||||
- name: Disable password login
|
||||
lineinfile:
|
||||
dest: /etc/ssh/sshd_config
|
||||
regexp: "^#?PasswordAuthentication"
|
||||
line: "PasswordAuthentication no"
|
||||
when: add_identity_key|success and not add_identity_key|skipped
|
||||
notify: restart sshd
|
||||
|
||||
- name: Enable SSH daemon
|
||||
|
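Review bot: The `authorized_key` task passes `deploy_public_key` straight to `key:`, but that variable holds a path (`files/id_ed25519_home.pub`) while the module expects the key text itself; read the file instead, `key: "{{ lookup('file', deploy_public_key) }}"`. The task also refers to `deploy_user.username`, whereas the only variable visible on this page is the list `deploy_users`, so confirm `deploy_user` is defined wherever this file is included. Of the three `lineinfile` tasks only "Disable password login" carries `notify: restart sshd`; the PermitEmptyPasswords and PermitRootLogin edits need the same notify to reach the running daemon, and adding `validate: 'sshd -t -f %s'` would keep a broken file from being installed. The task list starts and continues outside the hunk.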
@ -7,3 +7,5 @@ deploy_users:
|
||||
- { username: 'waha', password: '$6$tQLlZ3lI/NDcT3.C$VCBzrpNxDgOK7b2que2/BnAYWl.zKVugZrQEPxtsq3iWcskEzQ1NvytZRXkB4GCDa/xEohxiodyCaZyFnhxby1', uid: '999'}
|
||||
|
||||
minimal: false
|
||||
deploy_public_key: files/id_ed25519_embrevade.pub
|
||||
|
||||
|