37 lines
926 B
YAML
37 lines
926 B
YAML
# vim: ft=yaml.ansible
|
|
---
|
|
- name: Add public SSH key to default user
|
|
authorized_key:
|
|
user: "{{ ansible_user }}"
|
|
key: "{{ ssh_key }}"
|
|
exclusive: true
|
|
|
|
- name: Allow SSH login with public keys
|
|
lineinfile:
|
|
regexp: '^#?PubkeyAuthentication '
|
|
line: PubkeyAuthentication yes
|
|
dest: /etc/ssh/sshd_config
|
|
register: ssh_pubkey
|
|
|
|
- name: Disallow SSH login with password
|
|
lineinfile:
|
|
regexp: '^#?PasswordAuthentication '
|
|
line: PasswordAuthentication no
|
|
dest: /etc/ssh/sshd_config
|
|
register: ssh_pw
|
|
|
|
- name: Disallow root login over SSH
|
|
lineinfile:
|
|
regexp: '^#?PermitRootLogin '
|
|
line: PermitRootLogin no
|
|
dest: /etc/ssh/sshd_config
|
|
register: ssh_root
|
|
|
|
- name: Restart sshd
|
|
service:
|
|
name: sshd
|
|
state: restarted
|
|
when: (ssh_pubkey is defined and ssh_pubkey.changed) or
|
|
(ssh_pw is defined and ssh_pw.changed) or
|
|
(ssh_root is defined and ssh_root.changed)
|