pi-ansible/roles/os_config/tasks/ssh.yml

# vim: ft=yaml.ansible
---
- name: Add public SSH key to default user
  authorized_key:
    user: "{{ ansible_user }}"
    key: "{{ ssh_key }}"
    exclusive: true

- name: Allow SSH login with public keys
  lineinfile:
    regexp: '^#?PubkeyAuthentication '
    line: PubkeyAuthentication yes
    dest: /etc/ssh/sshd_config
  notify: Restart sshd

- name: Disallow SSH login with password
  lineinfile:
    regexp: '^#?PasswordAuthentication '
    line: PasswordAuthentication no
    dest: /etc/ssh/sshd_config
  notify: Restart sshd

- name: Disallow root login over SSH
  lineinfile:
    regexp: '^#?PermitRootLogin '
    line: PermitRootLogin no
    dest: /etc/ssh/sshd_config
  notify: Restart sshd
Add os_config role 2022-12-22 19:18:27 +00:00			`# vim: ft=yaml.ansible`
			`---`
			`- name: Add public SSH key to default user`
			`authorized_key:`
			`user: "{{ ansible_user }}"`
			`key: "{{ ssh_key }}"`
			`exclusive: true`

			`- name: Allow SSH login with public keys`
			`lineinfile:`
			`regexp: '^#?PubkeyAuthentication '`
			`line: PubkeyAuthentication yes`
			`dest: /etc/ssh/sshd_config`
Use a handler to restart sshd 2022-12-27 18:14:14 +00:00			`notify: Restart sshd`
Add os_config role 2022-12-22 19:18:27 +00:00
			`- name: Disallow SSH login with password`
			`lineinfile:`
			`regexp: '^#?PasswordAuthentication '`
			`line: PasswordAuthentication no`
			`dest: /etc/ssh/sshd_config`
Use a handler to restart sshd 2022-12-27 18:14:14 +00:00			`notify: Restart sshd`
Add os_config role 2022-12-22 19:18:27 +00:00
			`- name: Disallow root login over SSH`
			`lineinfile:`
			`regexp: '^#?PermitRootLogin '`
			`line: PermitRootLogin no`
			`dest: /etc/ssh/sshd_config`
Use a handler to restart sshd 2022-12-27 18:14:14 +00:00			`notify: Restart sshd`