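---
# SSH hardening tasks: put sshd in the requested service state, then pin a set
# of sshd_config directives to values supplied by role variables.
#
# Every templated value is rendered as plain text into sshd_config. Define the
# yes/no style variables as quoted strings ("yes" / "no"): an unquoted YAML
# boolean renders as True/False, which sshd does not accept as a yes/no
# argument, so the validate step below would reject the file.

- name: Ensure SSH daemon is running.
  service:
    name: "{{ security_sshd_name }}"
    state: "{{ security_sshd_state }}"

- name: Update SSH configuration to be more secure.
  lineinfile:
    dest: "{{ security_ssh_config_path }}"
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    state: present
    # Have sshd parse the candidate file before it replaces the live config,
    # so a bad value is rejected instead of being written out.
    validate: 'sshd -T -f %s'
    # Quoted so the mode is read as octal regardless of how the YAML parser
    # treats a bare leading-zero integer.
    mode: "0644"
  # NOTE(review): each regexp matches only an active (uncommented) directive.
  # - If the directive is absent or commented out, lineinfile appends the line
  #   at end of file; when sshd_config ends in a Match block the appended
  #   keyword lands inside that block. Confirm target files have no trailing
  #   Match block.
  # - lineinfile rewrites only the last matching line, while sshd uses the
  #   first value it reads for most keywords, so an earlier duplicate still
  #   wins. Check the rendered file for duplicates after the first run.
  with_items:
    - regexp: "^PasswordAuthentication"
      line: "PasswordAuthentication {{ security_ssh_password_authentication }}"
    - regexp: "^PermitRootLogin"
      line: "PermitRootLogin {{ security_ssh_permit_root_login }}"
    # Port may legitimately appear more than once; only the last occurrence
    # is rewritten, so any other Port line stays in effect.
    - regexp: "^Port"
      line: "Port {{ security_ssh_port }}"
    - regexp: "^UseDNS"
      line: "UseDNS {{ security_ssh_usedns }}"
    - regexp: "^PermitEmptyPasswords"
      line: "PermitEmptyPasswords {{ security_ssh_permit_empty_password }}"
    - regexp: "^ChallengeResponseAuthentication"
      line: "ChallengeResponseAuthentication {{ security_ssh_challenge_response_auth }}"
    - regexp: "^GSSAPIAuthentication"
      line: "GSSAPIAuthentication {{ security_ssh_gss_api_authentication }}"
    - regexp: "^X11Forwarding"
      line: "X11Forwarding {{ security_ssh_x11_forwarding }}"
    # NOTE(review): ip_admin is not defined in this file and does not follow
    # the security_ naming used by the other variables; an undefined variable
    # fails the task, so confirm it is set for every host. As with Port, other
    # existing ListenAddress lines are left untouched and sshd keeps listening
    # on them.
    - regexp: "^ListenAddress"
      line: "ListenAddress {{ ip_admin }}"
  # Handler is defined outside this file; a changed Port or ListenAddress
  # takes effect only when it runs.
  notify: restart ssh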