hac/ansible/roles/sshd/tasks/main.yml

---
- name: Disable Password Authentication
  ansible.builtin.lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: '^PasswordAuthentication'
    line: "PasswordAuthentication no"
    state: present
    backup: true
  notify:
    - Restart SSH

- name: Disable Root Login
  ansible.builtin.lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: '^PermitRootLogin'
    line: "PermitRootLogin no"
    state: present
    backup: true
  notify:
    - Restart SSH

- name: Restrict host key
  ansible.builtin.lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: '#HostKey /etc/ssh/ssh_host_ed25519_key'
    line: "HostKey /etc/ssh/ssh_host_ed25519_key"
    state: present
    backup: true
  notify:
    - Restart SSH

- name: Configure sshd
  ansible.builtin.copy:
    src: "crypto.conf"
    dest: "/etc/ssh/sshd_config.d/"
    owner: root
    group: root
    mode: "0640"
  notify:
    - Restart SSH
add ubuntu template 2024-03-20 13:45:58 +01:00			`---`
			`- name: Disable Password Authentication`
			`ansible.builtin.lineinfile:`
			`dest: /etc/ssh/sshd_config`
			`regexp: '^PasswordAuthentication'`
			`line: "PasswordAuthentication no"`
			`state: present`
			`backup: true`
			`notify:`
			`- Restart SSH`

			`- name: Disable Root Login`
			`ansible.builtin.lineinfile:`
			`dest: /etc/ssh/sshd_config`
			`regexp: '^PermitRootLogin'`
			`line: "PermitRootLogin no"`
			`state: present`
			`backup: true`
			`notify:`
			`- Restart SSH`

			`- name: Restrict host key`
			`ansible.builtin.lineinfile:`
			`dest: /etc/ssh/sshd_config`
			`regexp: '#HostKey /etc/ssh/ssh_host_ed25519_key'`
			`line: "HostKey /etc/ssh/ssh_host_ed25519_key"`
			`state: present`
			`backup: true`
			`notify:`
			`- Restart SSH`

			`- name: Configure sshd`
			`ansible.builtin.copy:`
			`src: "crypto.conf"`
			`dest: "/etc/ssh/sshd_config.d/"`
			`owner: root`
			`group: root`
			`mode: "0640"`
			`notify:`
fix linter issue 2024-03-20 14:02:57 +01:00			`- Restart SSH`