---
# Pin PermitEmptyPasswords to "no" in the sshd configuration file.
- name: Disable empty password login
  ansible.builtin.lineinfile:
    # Rewrites the directive whether it is active or commented out with '#'.
    regexp: '^#?PermitEmptyPasswords'
    line: 'PermitEmptyPasswords no'
    # `path` is the canonical name of the option also accepted as `dest`.
    path: "{{ sshd_config }}"
    # NOTE(review): when no line matches, lineinfile appends at end of file.
    # If this sshd_config ends with a Match block, the appended directive
    # would be scoped to that block; confirm against the target hosts.
  # notify: Restart sshd  (disabled; the "Restart sshd" task in this file
  # runs unconditionally instead)
# Pin PermitRootLogin to "no" in the sshd configuration file.
- name: Disable remote root login
  ansible.builtin.lineinfile:
    # Rewrites the directive whether it is active or commented out with '#'.
    regexp: '^#?PermitRootLogin'
    line: 'PermitRootLogin no'
    # `path` is the canonical name of the option also accepted as `dest`.
    path: "{{ sshd_config }}"
    # NOTE(review): "no" also rejects key-based root logins. If this play
    # connects as root, confirm another account with privilege escalation
    # exists before the restart task runs.
  # notify: Restart sshd  (disabled; the "Restart sshd" task in this file
  # runs unconditionally instead)
# Pin PasswordAuthentication to "no" in the sshd configuration file.
- name: Disable password login
  ansible.builtin.lineinfile:
    # Matches the directive when active or commented out ('#' followed by
    # optional whitespace). The trailing space keeps longer keywords that
    # merely start with "PasswordAuthentication" from matching.
    regexp: '^(#\s*)?PasswordAuthentication '
    line: 'PasswordAuthentication no'
    # `path` is the canonical name of the option also accepted as `dest`.
    path: "{{ sshd_config }}"
    # NOTE(review): make sure public-key login is already working for the
    # connecting user before this takes effect, otherwise the restart can
    # lock the operator out.
  # notify: Restart sshd  (disabled; the "Restart sshd" task in this file
  # runs unconditionally instead)
# Pin ChallengeResponseAuthentication to "no" in the sshd configuration file.
- name: Disable challenge response auth
  ansible.builtin.lineinfile:
    # Matches the directive when active or commented out ('#' followed by
    # optional whitespace); the trailing space anchors the keyword.
    regexp: '^(#\s*)?ChallengeResponseAuthentication '
    line: 'ChallengeResponseAuthentication no'
    # `path` is the canonical name of the option also accepted as `dest`.
    path: "{{ sshd_config }}"
    # NOTE(review): newer OpenSSH releases treat this keyword as a deprecated
    # alias of KbdInteractiveAuthentication. If the target config already
    # sets KbdInteractiveAuthentication earlier in the file, that earlier
    # value may take precedence; verify on the target hosts.
  # notify: Restart sshd  (disabled; the "Restart sshd" task in this file
  # runs unconditionally instead)
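# Set the sshd listening port to the value of `sshd_port`.
- name: Change SSH port
  ansible.builtin.lineinfile:
    # `path` is the canonical name of the option also accepted as `dest`.
    path: "{{ sshd_config }}"
    # Match any existing Port directive, active or commented out. The former
    # pattern '^#?Port 22' only matched ports beginning with 22. On a host
    # already moved to another port, a rerun with a new sshd_port appended a
    # second Port line and sshd kept listening on the old port as well.
    regexp: '^#?\s*Port\s+\d+'
    line: "Port {{ sshd_port }}"
    # NOTE(review): sshd_port is not validated here. Confirm it is an integer
    # in 1-65535 and that the host firewall (and SELinux policy, where
    # enforced) permits it before the restart task runs.
  # notify: Restart sshd  (disabled; the "Restart sshd" task in this file
  # runs unconditionally instead)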
# Restart the service named by `sshd` (presumably the SSH daemon's service
# name on the target; confirm where the variable is defined).
# This is a plain task, not a handler, so the service is restarted on every
# run whether or not any sshd_config line changed.
- name: Restart sshd
  ansible.builtin.service:
    state: restarted
    name: "{{ sshd }}"
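# Point Ansible's connection variable `ansible_port` at `sshd_port` for the
# current host, so new connections made later in the play use that port.
- name: Set SSH port to custom config
  # Fully qualified module name, matching the other tasks in this file.
  ansible.builtin.set_fact:
    ansible_port: "{{ sshd_port }}"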