omni-ansible/roles/sshd/tasks/main.yml

---
- name: Install SSH Banner
  become: true
  template:
    src: motd.j2
    dest: /etc/issue.net
    mode: 0644

- name: Set parameters in sshd config
  become: true
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: "{{ item.match }}"
    line: "{{ item.set }}"
    state: present
  loop:
    - match: "#?PermitRootLogin (yes|no)"
      set: "PermitRootLogin no"
    - match: "#?Banner (none|/etc/issue.net)"
      set: "Banner /etc/issue.net"
    - match: "#?PasswordAuthentication (yes|no)"
      set: "PasswordAuthentication no"
    - match: "#?GSSAPIAuthentication (yes|no)"
      set: "GSSAPIAuthentication no"
    - match: "#?ChallengeResponseAuthentication (yes|no)"
      set: "ChallengeResponseAuthentication no"

- name: Restart sshd service
  when: restart_services | default(false) == true
  become: true
  systemd:
    name: sshd
    state: restarted
Add role for managing sshd settings 2019-11-17 04:22:33 +00:00			`---`
			`- name: Install SSH Banner`
			`become: true`
			`template:`
			`src: motd.j2`
			`dest: /etc/issue.net`
			`mode: 0644`

			`- name: Set parameters in sshd config`
			`become: true`
			`lineinfile:`
			`path: /etc/ssh/sshd_config`
			`regexp: "{{ item.match }}"`
			`line: "{{ item.set }}"`
			`state: present`
			`loop:`
			`- match: "#?PermitRootLogin (yes\|no)"`
			`set: "PermitRootLogin no"`
			`- match: "#?Banner (none\|/etc/issue.net)"`
			`set: "Banner /etc/issue.net"`
			`- match: "#?PasswordAuthentication (yes\|no)"`
			`set: "PasswordAuthentication no"`
			`- match: "#?GSSAPIAuthentication (yes\|no)"`
			`set: "GSSAPIAuthentication no"`
			`- match: "#?ChallengeResponseAuthentication (yes\|no)"`
			`set: "ChallengeResponseAuthentication no"`

			`- name: Restart sshd service`
			`when: restart_services \| default(false) == true`
			`become: true`
			`systemd:`
			`name: sshd`
			`state: restarted`