45 lines
1.1 KiB
YAML
45 lines
1.1 KiB
YAML
|
---
|
||
|
- name: Disable empty password login
|
||
|
ansible.builtin.lineinfile:
|
||
|
dest: "{{ sshd_config }}"
|
||
|
regexp: '^#?PermitEmptyPasswords'
|
||
|
line: 'PermitEmptyPasswords no'
|
||
|
# notify: Restart sshd
|
||
|
|
||
|
- name: Disable remote root login
|
||
|
ansible.builtin.lineinfile:
|
||
|
dest: "{{ sshd_config }}"
|
||
|
regexp: '^#?PermitRootLogin'
|
||
|
line: 'PermitRootLogin no'
|
||
|
# notify: Restart sshd
|
||
|
|
||
|
- name: Disable password login
|
||
|
ansible.builtin.lineinfile:
|
||
|
dest: "{{ sshd_config }}"
|
||
|
regexp: '^(#\s*)?PasswordAuthentication '
|
||
|
line: 'PasswordAuthentication no'
|
||
|
# notify: Restart sshd
|
||
|
|
||
|
- name: Disable challenge response auth
|
||
|
ansible.builtin.lineinfile:
|
||
|
dest: "{{ sshd_config }}"
|
||
|
regexp: '^(#\s*)?ChallengeResponseAuthentication '
|
||
|
line: 'ChallengeResponseAuthentication no'
|
||
|
# notify: Restart sshd
|
||
|
|
||
|
- name: Change SSH port
|
||
|
ansible.builtin.lineinfile:
|
||
|
dest: "{{ sshd_config }}"
|
||
|
regexp: '^#?Port 22'
|
||
|
line: "Port {{ sshd_port }}"
|
||
|
# notify: Restart sshd
|
||
|
|
||
|
- name: Restart sshd
|
||
|
ansible.builtin.service:
|
||
|
name: "{{ sshd }}"
|
||
|
state: restarted
|
||
|
|
||
|
- name: Set SSH port to custom config
|
||
|
set_fact:
|
||
|
ansible_port: "{{ sshd_port }}"
|