Ansible_workstation/tasks/ssh.yml
2018-08-24 10:59:13 +02:00


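---
# SSH daemon hardening tasks: install sshd_config, forbid empty-password and
# root logins, deploy the public key, and only then turn off password
# authentication.
#
# NOTE(review): the lineinfile tasks below edit the same file the first task
# installs. If files/sshd_config does not already carry these settings, every
# run will rewrite the file and then patch it again. Consider setting the
# directives in the source file itself - confirm against files/sshd_config.
# NOTE(review): sshd_config uses the first value it finds for a keyword, and
# lineinfile appends at end of file when the regexp matches nothing. A line
# appended after a `Match` block would apply only inside that block. Verify
# the resulting file on a host.
# NOTE(review): consider `validate: /usr/sbin/sshd -t -f %s` on the tasks that
# write sshd_config so a broken file is never installed. This needs the sshd
# binary at that path and existing host keys - confirm before enabling.

- name: Copy sshd_config
  template:
    src: files/sshd_config
    dest: /etc/ssh/sshd_config
    # Pin ownership and mode explicitly so the daemon configuration cannot
    # end up writable by non-root users.
    owner: root
    group: root
    mode: "0600"
  # Every task that changes sshd_config notifies the handler; otherwise the
  # running daemon keeps the old settings until something else restarts it.
  notify: restart sshd

- name: Disable empty password login
  lineinfile:
    dest: /etc/ssh/sshd_config
    # Matches the directive whether or not it is commented out.
    regexp: "^#?PermitEmptyPasswords"
    line: "PermitEmptyPasswords no"
  notify: restart sshd

- name: Disable remote root login
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: "^#?PermitRootLogin"
    line: "PermitRootLogin no"
  notify: restart sshd

# Installs the same deploy_public_key for every entry in deploy_users.
# The result is registered so the next task can check that a key was
# actually deployed before password login is switched off.
- name: Add public key for deploy user
  authorized_key:
    user: "{{ item.username }}"
    key: "{{ deploy_public_key }}"
  with_items: "{{ deploy_users }}"
  register: add_identity_key

# Lock-out guard: password authentication is disabled only when the key task
# succeeded and was not skipped.
# NOTE(review): presumably an empty deploy_users list marks the registered
# result as skipped - confirm on the Ansible version in use.
- name: Disable password login
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: "^#?PasswordAuthentication"
    line: "PasswordAuthentication no"
  # Jinja2 tests replace the deprecated `|success` / `|skipped` filter form,
  # which newer Ansible releases no longer accept.
  when: add_identity_key is succeeded and add_identity_key is not skipped
  notify: restart sshd

- name: Enable SSH daemon
  service:
    name: sshd
    state: started
    enabled: true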