34 lines
1.2 KiB
YAML
34 lines
1.2 KiB
YAML
---
|
|
- name: Ensure SSH daemon is running.
|
|
service:
|
|
name: "{{ security_sshd_name }}"
|
|
state: "{{ security_sshd_state }}"
|
|
|
|
- name: Update SSH configuration to be more secure.
|
|
lineinfile:
|
|
dest: "{{ security_ssh_config_path }}"
|
|
regexp: "{{ item.regexp }}"
|
|
line: "{{ item.line }}"
|
|
state: present
|
|
validate: 'sshd -T -f %s'
|
|
mode: 0644
|
|
with_items:
|
|
- regexp: "^PasswordAuthentication"
|
|
line: "PasswordAuthentication {{ security_ssh_password_authentication }}"
|
|
- regexp: "^PermitRootLogin"
|
|
line: "PermitRootLogin {{ security_ssh_permit_root_login }}"
|
|
- regexp: "^Port"
|
|
line: "Port {{ security_ssh_port }}"
|
|
- regexp: "^UseDNS"
|
|
line: "UseDNS {{ security_ssh_usedns }}"
|
|
- regexp: "^PermitEmptyPasswords"
|
|
line: "PermitEmptyPasswords {{ security_ssh_permit_empty_password }}"
|
|
- regexp: "^ChallengeResponseAuthentication"
|
|
line: "ChallengeResponseAuthentication {{ security_ssh_challenge_response_auth }}"
|
|
- regexp: "^GSSAPIAuthentication"
|
|
line: "GSSAPIAuthentication {{ security_ssh_gss_api_authentication }}"
|
|
- regexp: "^X11Forwarding"
|
|
line: "X11Forwarding {{ security_ssh_x11_forwarding }}"
|
|
notify: restart ssh
|
|
|