hac/ansible/roles/sshd/tasks/main.yml

---
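# Turn off password logins in the main sshd configuration file.
# NOTE(review): sshd keeps the first value it reads for a keyword, so a
# PasswordAuthentication line in an included drop-in that is read earlier
# would still win; confirm the effective value with `sshd -T`.
- name: Disable Password Authentication
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
    # Also match the commented-out default so the directive is set in place
    # instead of being added as a second line.
    regexp: '^#?PasswordAuthentication\s'
    line: PasswordAuthentication no
    # With no matching line, insert at the top: a line appended at the end
    # of the file would land inside a trailing Match block, if one exists.
    insertbefore: BOF
    state: present
    backup: true
    # Refuse to install a file that sshd cannot parse, so a bad edit does
    # not take effect at the next restart. Adjust the path if sshd lives
    # elsewhere on the target.
    validate: /usr/sbin/sshd -t -f %s
  notify:
    - Restart SSH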
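# Forbid direct root logins over SSH in the main sshd configuration file.
# NOTE(review): sshd keeps the first value it reads for a keyword, so a
# PermitRootLogin line in an included drop-in that is read earlier would
# still win; confirm the effective value with `sshd -T`.
- name: Disable Root Login
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
    # Also match the commented-out default so the directive is set in place
    # instead of being added as a second line.
    regexp: '^#?PermitRootLogin\s'
    line: PermitRootLogin no
    # With no matching line, insert at the top: a line appended at the end
    # of the file would land inside a trailing Match block, if one exists.
    insertbefore: BOF
    state: present
    backup: true
    # Refuse to install a file that sshd cannot parse, so a bad edit does
    # not take effect at the next restart. Adjust the path if sshd lives
    # elsewhere on the target.
    validate: /usr/sbin/sshd -t -f %s
  notify:
    - Restart SSH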
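# Declare the Ed25519 host key explicitly. Once any HostKey line is set,
# sshd stops falling back to its built-in list of default host keys.
# NOTE(review): this task does not remove other uncommented HostKey lines;
# if the intent is Ed25519 only, confirm with `sshd -T` that none remain.
- name: Restrict host key
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
    # Anchored to the whole line, commented or not, so the pattern cannot
    # match in the middle of an unrelated line.
    regexp: '^#?HostKey\s+/etc/ssh/ssh_host_ed25519_key\s*$'
    line: HostKey /etc/ssh/ssh_host_ed25519_key
    # With no matching line, insert at the top: HostKey is a global
    # directive and must not end up inside a trailing Match block.
    insertbefore: BOF
    state: present
    backup: true
    # Refuse to install a file that sshd cannot parse; the check also fails
    # when the referenced host key cannot be loaded. Adjust the path if
    # sshd lives elsewhere on the target.
    validate: /usr/sbin/sshd -t -f %s
  notify:
    - Restart SSH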
# Install the role's crypto.conf into the sshd drop-in directory, owned by
# root and not readable by other users.
# NOTE(review): the drop-in only takes effect if sshd_config includes
# /etc/ssh/sshd_config.d/ - confirm on the target hosts.
- name: Configure sshd
  notify:
    - Restart SSH
  ansible.builtin.copy:
    owner: root
    group: root
    mode: '0640'
    src: crypto.conf
    # The trailing slash keeps the source file name at the destination.
    dest: /etc/ssh/sshd_config.d/