This repository has been archived on 2023-12-29. You can view files and clone it, but cannot push or open issues or pull requests.
pi-ansible/roles/os_config/tasks/ssh.yml

29 lines
704 B
YAML
Raw Normal View History

2022-12-22 19:18:27 +00:00
# vim: ft=yaml.ansible
---
- name: Add public SSH key to default user
authorized_key:
user: "{{ ansible_user }}"
key: "{{ ssh_key }}"
exclusive: true
- name: Allow SSH login with public keys
lineinfile:
regexp: '^#?PubkeyAuthentication '
line: PubkeyAuthentication yes
dest: /etc/ssh/sshd_config
2022-12-27 18:14:14 +00:00
notify: Restart sshd
2022-12-22 19:18:27 +00:00
- name: Disallow SSH login with password
lineinfile:
regexp: '^#?PasswordAuthentication '
line: PasswordAuthentication no
dest: /etc/ssh/sshd_config
2022-12-27 18:14:14 +00:00
notify: Restart sshd
2022-12-22 19:18:27 +00:00
- name: Disallow root login over SSH
lineinfile:
regexp: '^#?PermitRootLogin '
line: PermitRootLogin no
dest: /etc/ssh/sshd_config
2022-12-27 18:14:14 +00:00
notify: Restart sshd