This repository has been archived on 2024-05-02. You can view files and clone it, but cannot push or open issues or pull requests.
omni-ansible/tasks/sshd/secure.yml

30 lines
824 B
YAML
Raw Permalink Normal View History

2019-11-17 04:22:33 +00:00
---
- name: Set parameters in sshd config
become: true
lineinfile:
path: /etc/ssh/sshd_config
regexp: "{{ item.match }}"
line: "{{ item.set }}"
state: present
loop:
- match: "#?PermitRootLogin (yes|no)"
set: "PermitRootLogin no"
- match: "#?Banner (none|/etc/issue.net)"
set: "Banner /etc/issue.net"
- match: "#?PasswordAuthentication (yes|no)"
set: "PasswordAuthentication no"
- match: "#?GSSAPIAuthentication (yes|no)"
set: "GSSAPIAuthentication no"
- match: "#?ChallengeResponseAuthentication (yes|no)"
set: "ChallengeResponseAuthentication no"
loop_control:
label: "{{ item.set }}"
register: _sshd_config_result
2019-11-17 04:22:33 +00:00
- name: Restart sshd service
when: _sshd_config_result.changed
2019-11-17 04:22:33 +00:00
become: true
systemd:
name: sshd
state: restarted