51 lines
1.1 KiB
YAML
51 lines
1.1 KiB
YAML
---
|
|
# - name: ssh -- Copy sshd_config
|
|
# template:
|
|
# src: files/sshd_config
|
|
# dest: /etc/ssh/sshd_config
|
|
|
|
- name: ssh -- Disable empty password login
|
|
lineinfile:
|
|
dest: /etc/ssh/sshd_config
|
|
regexp: "^#?PermitEmptyPasswords"
|
|
line: "PermitEmptyPasswords no"
|
|
backrefs: yes
|
|
tags:
|
|
- first_deployement
|
|
|
|
- name: ssh -- Disable remote root login
|
|
lineinfile:
|
|
dest: /etc/ssh/sshd_config
|
|
regexp: "^#?PermitRootLogin"
|
|
line: "PermitRootLogin no"
|
|
backrefs: yes
|
|
tags:
|
|
- first_deployement
|
|
|
|
- name: ssh -- Disable password login
|
|
lineinfile:
|
|
dest: /etc/ssh/sshd_config
|
|
regexp: "^#?PasswordAuthentication"
|
|
line: "PasswordAuthentication no"
|
|
backrefs: yes
|
|
when: add_identity_key is succeeded and not add_identity_key is skipped
|
|
notify: restart sshd
|
|
tags:
|
|
- first_deployement
|
|
|
|
- name: ssh -- Enable SSH daemon (not Debian)
|
|
service:
|
|
name: sshd
|
|
state: started
|
|
enabled: yes
|
|
tags:
|
|
- first_deployement
|
|
when: ansible_distribution != 'Debian'
|
|
|
|
- name: ssh -- Enable SSH daemon (Debian)
|
|
service:
|
|
name: ssh
|
|
state: started
|
|
enabled: yes
|
|
when: ansible_distribution == 'Debian'
|