40 lines
899 B
YAML
40 lines
899 B
YAML
---
|
|
- name: Disable Password Authentication
|
|
ansible.builtin.lineinfile:
|
|
dest: /etc/ssh/sshd_config
|
|
regexp: '^PasswordAuthentication'
|
|
line: "PasswordAuthentication no"
|
|
state: present
|
|
backup: true
|
|
notify:
|
|
- Restart SSH
|
|
|
|
- name: Disable Root Login
|
|
ansible.builtin.lineinfile:
|
|
dest: /etc/ssh/sshd_config
|
|
regexp: '^PermitRootLogin'
|
|
line: "PermitRootLogin no"
|
|
state: present
|
|
backup: true
|
|
notify:
|
|
- Restart SSH
|
|
|
|
- name: Restrict host key
|
|
ansible.builtin.lineinfile:
|
|
dest: /etc/ssh/sshd_config
|
|
regexp: '#HostKey /etc/ssh/ssh_host_ed25519_key'
|
|
line: "HostKey /etc/ssh/ssh_host_ed25519_key"
|
|
state: present
|
|
backup: true
|
|
notify:
|
|
- Restart SSH
|
|
|
|
- name: Configure sshd
|
|
ansible.builtin.copy:
|
|
src: "crypto.conf"
|
|
dest: "/etc/ssh/sshd_config.d/"
|
|
owner: root
|
|
group: root
|
|
mode: "0640"
|
|
notify:
|
|
- Restart SSH
|