2024-03-20 13:45:58 +01:00
|
|
|
---
|
|
|
|
|
- name: Disable Password Authentication
|
|
|
|
|
ansible.builtin.lineinfile:
|
|
|
|
|
dest: /etc/ssh/sshd_config
|
2024-03-24 22:12:56 +01:00
|
|
|
regexp: ^PasswordAuthentication
|
|
|
|
|
line: PasswordAuthentication no
|
2024-03-20 13:45:58 +01:00
|
|
|
state: present
|
|
|
|
|
backup: true
|
|
|
|
|
notify:
|
|
|
|
|
- Restart SSH
|
|
|
|
|
|
|
|
|
|
- name: Disable Root Login
|
|
|
|
|
ansible.builtin.lineinfile:
|
|
|
|
|
dest: /etc/ssh/sshd_config
|
2024-03-24 22:12:56 +01:00
|
|
|
regexp: ^PermitRootLogin
|
|
|
|
|
line: PermitRootLogin no
|
2024-03-20 13:45:58 +01:00
|
|
|
state: present
|
|
|
|
|
backup: true
|
|
|
|
|
notify:
|
|
|
|
|
- Restart SSH
|
|
|
|
|
|
|
|
|
|
- name: Restrict host key
|
|
|
|
|
ansible.builtin.lineinfile:
|
|
|
|
|
dest: /etc/ssh/sshd_config
|
2024-03-24 22:12:56 +01:00
|
|
|
regexp: "#HostKey /etc/ssh/ssh_host_ed25519_key"
|
|
|
|
|
line: HostKey /etc/ssh/ssh_host_ed25519_key
|
2024-03-20 13:45:58 +01:00
|
|
|
state: present
|
|
|
|
|
backup: true
|
|
|
|
|
notify:
|
|
|
|
|
- Restart SSH
|
|
|
|
|
|
|
|
|
|
- name: Configure sshd
|
|
|
|
|
ansible.builtin.copy:
|
2024-03-24 22:12:56 +01:00
|
|
|
src: crypto.conf
|
|
|
|
|
dest: /etc/ssh/sshd_config.d/
|
2024-03-20 13:45:58 +01:00
|
|
|
owner: root
|
|
|
|
|
group: root
|
|
|
|
|
mode: "0640"
|
|
|
|
|
notify:
|
2024-03-20 14:02:57 +01:00
|
|
|
- Restart SSH
|
