40 lines
932 B
YAML
40 lines
932 B
YAML
---
|
|
- name: Copy sshd_config
|
|
template:
|
|
src: files/sshd_config
|
|
dest: /etc/ssh/sshd_config
|
|
|
|
- name: Disable empty password login
|
|
lineinfile:
|
|
dest: /etc/ssh/sshd_config
|
|
regexp: "^#?PermitEmptyPasswords"
|
|
line: "PermitEmptyPasswords no"
|
|
|
|
- name: Disable remote root login
|
|
lineinfile:
|
|
dest: /etc/ssh/sshd_config
|
|
regexp: "^#?PermitRootLogin"
|
|
line: "PermitRootLogin no"
|
|
|
|
- name: Add public key for deploy user
|
|
authorized_key:
|
|
user: "{{ item.username }}"
|
|
key: "{{ deploy_public_key }}"
|
|
with_items: "{{ deploy_users }}"
|
|
register: add_identity_key
|
|
|
|
- name: Disable password login
|
|
lineinfile:
|
|
dest: /etc/ssh/sshd_config
|
|
regexp: "^#?PasswordAuthentication"
|
|
line: "PasswordAuthentication no"
|
|
when: add_identity_key|success and not add_identity_key|skipped
|
|
notify: restart sshd
|
|
|
|
- name: Enable SSH daemon
|
|
service:
|
|
name: sshd
|
|
state: started
|
|
enabled: yes
|
|
|