From c266a55213b9a67c92410b81765431f58713b545 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Reynir=20Bj=C3=B6rnsson?= <reynir@reynir.dk>
Date: Sun, 13 Dec 2020 15:25:21 +0100
Subject: [PATCH] Disallow ssh passwords

---
 roles/ubuntu_base/tasks/main.yml | 1 +
 roles/ubuntu_base/tasks/sshd.yml | 6 ++++++
 2 files changed, 7 insertions(+)
 create mode 100644 roles/ubuntu_base/tasks/sshd.yml

diff --git a/roles/ubuntu_base/tasks/main.yml b/roles/ubuntu_base/tasks/main.yml
index 1db59dd..4bc040c 100644
--- a/roles/ubuntu_base/tasks/main.yml
+++ b/roles/ubuntu_base/tasks/main.yml
@@ -2,3 +2,4 @@
 - import_tasks: upgrade.yml
 - import_tasks: base.yml
 - import_tasks: users.yml
+- import_tasks: sshd.yml
diff --git a/roles/ubuntu_base/tasks/sshd.yml b/roles/ubuntu_base/tasks/sshd.yml
new file mode 100644
index 0000000..05a5e57
--- /dev/null
+++ b/roles/ubuntu_base/tasks/sshd.yml
@@ -0,0 +1,6 @@
+---
+- name: Disallow ssh password login
+  lineinfile:
+    path: /etc/ssh/sshd_config
+    line: "PasswordAuthentication no"
+    regexp: "^#?PasswordAuthentication "
-- 
2.40.1