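---
# Harden the OpenSSH daemon: forbid empty passwords and remote root login,
# install the deploy public key, then turn off password authentication and
# make sure the daemon is running and enabled at boot.
#
# Every edit to sshd_config is syntax-checked with `sshd -t` before it is
# written, and each one notifies the "restart sshd" handler so the running
# daemon picks the change up. The handler is defined outside this file.

# - name: Copy sshd_config
#   template:
#     src: files/sshd_config
#     dest: /etc/ssh/sshd_config

# No `backrefs` here: with backrefs enabled, lineinfile leaves the file
# untouched when the regexp does not match, so a config that lacks the
# directive would silently stay unhardened. Without it the line is appended.
# NOTE(review): an appended line lands at end of file; if sshd_config ends in
# a `Match` block the directive would only apply inside that block - confirm
# against the target hosts' config layout.
- name: Disable empty password login
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: "^#?PermitEmptyPasswords"
    line: "PermitEmptyPasswords no"
    # Adjust the path if sshd is installed elsewhere on the target.
    validate: "/usr/sbin/sshd -t -f %s"
  notify: restart sshd

- name: Disable remote root login
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: "^#?PermitRootLogin"
    line: "PermitRootLogin no"
    validate: "/usr/sbin/sshd -t -f %s"
  notify: restart sshd

# The same public key (read from the controller-side file named by
# `deploy_public_key`) is installed for every entry in `deploy_users`.
- name: Add public key for deploy user
  authorized_key:
    user: "{{ item.username }}"
    key: "{{ lookup('file', deploy_public_key) }}"
    state: present
  with_items: "{{ deploy_users }}"
  register: add_identity_key

# Lock-out guard: only disable password login when the key task actually ran
# and did not fail. The original condition compared the registered result to
# the bare names `success` and `skipped`, which are undefined variables rather
# than result states; the `succeeded` / `skipped` tests express the intent.
# NOTE(review): this confirms the key was written, not that key-based login
# works end to end - keep an existing session open when first applying.
- name: Disable password login
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: "^#?PasswordAuthentication"
    line: "PasswordAuthentication no"
    validate: "/usr/sbin/sshd -t -f %s"
  when:
    - add_identity_key is succeeded
    - add_identity_key is not skipped
  notify: restart sshd

# NOTE(review): the unit is named `sshd` here; some distributions name it
# `ssh` - confirm for the target platform.
- name: Enable SSH daemon
  service:
    name: sshd
    state: started
    enabled: true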