lab-ansible/roles/common/tasks/ssh.yml

# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Allow SSH login with public keys
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?PubkeyAuthentication '
    line: PubkeyAuthentication yes
    state: present
  notify: Restart sshd

- name: Disallow SSH login with password
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?PasswordAuthentication '
    line: PasswordAuthentication no
    state: present
  notify: Restart sshd

- name: Disallow root login over SSH
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?PermitRootLogin '
    line: PermitRootLogin no
    state: present
  notify: Restart sshd
Initial commit 2023-10-28 23:00:05 +00:00			`# vim: ft=yaml.ansible`
Prepare multi-host Ansible repo 2023-10-29 19:46:52 +00:00			`# code: language=ansible`
Initial commit 2023-10-28 23:00:05 +00:00			`---`
			`- name: Allow SSH login with public keys`
			`ansible.builtin.lineinfile:`
			`path: /etc/ssh/sshd_config`
			`regexp: '^#?PubkeyAuthentication '`
			`line: PubkeyAuthentication yes`
			`state: present`
			`notify: Restart sshd`

			`- name: Disallow SSH login with password`
			`ansible.builtin.lineinfile:`
			`path: /etc/ssh/sshd_config`
			`regexp: '^#?PasswordAuthentication '`
			`line: PasswordAuthentication no`
			`state: present`
			`notify: Restart sshd`

			`- name: Disallow root login over SSH`
			`ansible.builtin.lineinfile:`
			`path: /etc/ssh/sshd_config`
			`regexp: '^#?PermitRootLogin '`
			`line: PermitRootLogin no`
			`state: present`
			`notify: Restart sshd`