pi-ansible/roles/os_config/tasks/ssh.yml

# vim: ft=yaml.ansible
---
# Installs the entries of ssh_keys for the connecting user. The list is joined
# into one newline-separated string before being handed to the module.
- name: Add public SSH key to default user
  ansible.posix.authorized_key:
    user: "{{ ansible_user }}"
    # exclusive removes every key in the user's authorized_keys file that is
    # not listed in ssh_keys, so keys added by hand are dropped on each run.
    # NOTE(review): an empty ssh_keys list would presumably leave the file
    # with no keys at all; confirm the variable is checked before this runs,
    # because a later task in this file turns off password login.
    exclusive: true
    key: "{{ ssh_keys | join('\n') }}"
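# Sets PubkeyAuthentication in the main sshd_config, replacing a commented or
# uncommented line that starts with the keyword. If nothing matches,
# lineinfile appends the line at end of file, which would place it inside a
# trailing Match block if one exists. sshd keeps the first value it reads for
# a keyword, so an earlier line or an included drop-in file can still override
# this edit; check the effective value with `sshd -T` after the handler runs.
- name: Allow SSH login with public keys
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?PubkeyAuthentication '
    line: PubkeyAuthentication yes
    state: present
    # Test the edited copy before it replaces the live file, so a config that
    # sshd cannot parse is never installed ahead of the restart.
    # Assumes sshd is at /usr/sbin/sshd on the target; adjust if it is not.
    validate: /usr/sbin/sshd -t -f %s
  notify: sshd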
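# Turns off PasswordAuthentication in the main sshd_config. Once the handler
# restarts sshd, the only way in is a key installed by the authorized_key task
# earlier in this file, so that task must have succeeded with a usable key.
# sshd keeps the first value it reads for a keyword, so an earlier line or an
# included drop-in file can still leave password login enabled; confirm with
# `sshd -T`. Keyboard-interactive authentication is a separate setting and is
# not changed here.
- name: Disallow SSH login with password
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?PasswordAuthentication '
    line: PasswordAuthentication no
    state: present
    # Test the edited copy before it replaces the live file, so a config that
    # sshd cannot parse is never installed ahead of the restart.
    # Assumes sshd is at /usr/sbin/sshd on the target; adjust if it is not.
    validate: /usr/sbin/sshd -t -f %s
  notify: sshd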
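# Sets PermitRootLogin to no in the main sshd_config, replacing a commented or
# uncommented line that starts with the keyword. sshd keeps the first value it
# reads for a keyword, so an earlier line or an included drop-in file can
# still permit root login; confirm the effective value with `sshd -T`.
# NOTE(review): if ansible_user is root, this locks the play out of the host
# after the handler runs; verify the connecting user against the inventory.
- name: Disallow root login over SSH
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?PermitRootLogin '
    line: PermitRootLogin no
    state: present
    # Test the edited copy before it replaces the live file, so a config that
    # sshd cannot parse is never installed ahead of the restart.
    # Assumes sshd is at /usr/sbin/sshd on the target; adjust if it is not.
    validate: /usr/sbin/sshd -t -f %s
  notify: sshd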