system/tasks/ssh.yml

- name: Ensure SSH instalation
  become: true
  ansible.builtin.package:
    name: '{{ system_ssh_package }}'
    state: present
- name: Ensure .ssh exist  for user
  become: true
  ansible.builtin.file:
    state: directory
    path: '/home/{{ item }}/.ssh'
    owner: '{{ item }}'
    mode: 0700
  with_items:
    - '{{ user.name }}'
    - ansible

- name: Copy  ssh config for user
  become: true
  ansible.builtin.template:
    dest: '/home/{{ item }}/.ssh/config'
    src: 'ssh/config.j2'
    force: true
    remote_src: false
    mode: '600'
    selevel: s0
    owner: '{{ item }}'
  with_items:
    - '{{ user.name }}'
    - ansible
- name: Ensure root ssh directory exist
  become: true
  ansible.builtin.file:
    state: directory
    path: '/root/.ssh'
    owner: 'root'
    mode: 0700

- name: Copy  ssh config for root
  become: true
  ansible.builtin.copy:
    dest: /root/.ssh/
    src: 'ssh/config'
    force: true
    remote_src: false
    mode: '600'
    selevel: s0
    owner: 'root'

- name: Ensure key directory exist
  become: true
  ansible.builtin.file:
    state: directory
    path: '{{ item.keyfile | dirname }}'
    owner: '{{ item.user }}'
    mode: 0700
  with_items: '{{ privatekeytodeploy }}'

- name: Install ssh private key
  become: true
  ansible.builtin.copy:
    content: '{{ item.privatekey }}'
    dest: '{{ item.keyfile }}'
    mode: 0600
    owner: '{{ item.user }}'
  with_items: '{{ privatekeytodeploy }}'

- name: Deploy SSH-Keys to remote host
  ansible.posix.authorized_key:
    user: '{{ item.user }}'
    key: '{{ item.sshkey }}'
    exclusive: false
  with_items: '{{ keystodeploy }}'
  become: true

- name: Les connexions par mot de passe sont désactivées
  become: true
  ansible.builtin.lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: '^#?PasswordAuthentication'
    line: 'PasswordAuthentication no'
    state: present
  notify: Restart sshd

- name: Remove root SSH access
  become: true
  ansible.builtin.lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: '^PermitRootLogin'
    line: 'PermitRootLogin no'
    state: present
  notify: Restart sshd
style: correct ansible lint 2022-12-10 17:51:03 +00:00			`- name: Ensure SSH instalation`
custom SSH install 2022-10-23 13:28:33 +00:00			`become: true`
style: correct ansible lint 2022-12-10 17:51:03 +00:00			`ansible.builtin.package:`
			`name: '{{ system_ssh_package }}'`
custom SSH install 2022-10-23 13:28:33 +00:00			`state: present`
style: correct ansible lint 2022-12-10 17:51:03 +00:00			`- name: Ensure .ssh exist for user`
add .ssh check 2022-11-06 18:10:26 +00:00			`become: true`
style: correct ansible lint 2022-12-10 17:51:03 +00:00			`ansible.builtin.file:`
add .ssh check 2022-11-06 18:10:26 +00:00			`state: directory`
style: correct ansible lint 2022-12-10 17:51:03 +00:00			`path: '/home/{{ item }}/.ssh'`
			`owner: '{{ item }}'`
add .ssh check 2022-11-06 18:10:26 +00:00			`mode: 0700`
			`with_items:`
style: correct ansible lint 2022-12-10 17:51:03 +00:00			`- '{{ user.name }}'`
configure ssh for ansible user 2022-11-11 16:49:55 +00:00			`- ansible`
add .ssh check 2022-11-06 18:10:26 +00:00
style: correct ansible lint 2022-12-10 17:51:03 +00:00			`- name: Copy ssh config for user`
linting 2022-02-13 08:40:15 +00:00			`become: true`
style: correct ansible lint 2022-12-10 17:51:03 +00:00			`ansible.builtin.template:`
			`dest: '/home/{{ item }}/.ssh/config'`
			`src: 'ssh/config.j2'`
linting 2022-02-13 08:40:15 +00:00			`force: true`
			`remote_src: false`
style: correct ansible lint 2022-12-10 17:51:03 +00:00			`mode: '600'`
linting 2022-02-13 08:40:15 +00:00			`selevel: s0`
style: correct ansible lint 2022-12-10 17:51:03 +00:00			`owner: '{{ item }}'`
improve ssh key managemnt 2020-03-01 20:06:02 +00:00			`with_items:`
style: correct ansible lint 2022-12-10 17:51:03 +00:00			`- '{{ user.name }}'`
configure ssh for ansible user 2022-11-11 16:49:55 +00:00			`- ansible`
style: correct ansible lint 2022-12-10 17:51:03 +00:00			`- name: Ensure root ssh directory exist`
resolve conflict 2021-07-10 12:41:35 +00:00			`become: true`
style: correct ansible lint 2022-12-10 17:51:03 +00:00			`ansible.builtin.file:`
resolve conflict 2021-07-10 12:41:35 +00:00			`state: directory`
style: correct ansible lint 2022-12-10 17:51:03 +00:00			`path: '/root/.ssh'`
			`owner: 'root'`
resolve conflict 2021-07-10 12:41:35 +00:00			`mode: 0700`

style: correct ansible lint 2022-12-10 17:51:03 +00:00			`- name: Copy ssh config for root`
linting 2022-02-13 08:40:15 +00:00			`become: true`
style: correct ansible lint 2022-12-10 17:51:03 +00:00			`ansible.builtin.copy:`
linting 2022-02-13 08:40:15 +00:00			`dest: /root/.ssh/`
style: correct ansible lint 2022-12-10 17:51:03 +00:00			`src: 'ssh/config'`
linting 2022-02-13 08:40:15 +00:00			`force: true`
			`remote_src: false`
style: correct ansible lint 2022-12-10 17:51:03 +00:00			`mode: '600'`
linting 2022-02-13 08:40:15 +00:00			`selevel: s0`
style: correct ansible lint 2022-12-10 17:51:03 +00:00			`owner: 'root'`
resolve conflict 2021-07-10 12:41:35 +00:00
style: correct ansible lint 2022-12-10 17:51:03 +00:00			`- name: Ensure key directory exist`
fix issue with .ssh directory not existing 2021-07-10 12:40:17 +00:00			`become: true`
style: correct ansible lint 2022-12-10 17:51:03 +00:00			`ansible.builtin.file:`
fix issue with .ssh directory not existing 2021-07-10 12:40:17 +00:00			`state: directory`
style: correct ansible lint 2022-12-10 17:51:03 +00:00			`path: '{{ item.keyfile \| dirname }}'`
			`owner: '{{ item.user }}'`
resolve conflict 2021-07-10 12:41:35 +00:00			`mode: 0700`
style: correct ansible lint 2022-12-10 17:51:03 +00:00			`with_items: '{{ privatekeytodeploy }}'`
improve ssh key managemnt 2020-03-01 20:06:02 +00:00
modify ssh key management 2021-04-20 08:18:56 +00:00			`- name: Install ssh private key`
linting 2022-02-13 08:40:15 +00:00			`become: true`
style: correct ansible lint 2022-12-10 17:51:03 +00:00			`ansible.builtin.copy:`
			`content: '{{ item.privatekey }}'`
			`dest: '{{ item.keyfile }}'`
modify ssh key management 2021-04-20 08:18:56 +00:00			`mode: 0600`
style: correct ansible lint 2022-12-10 17:51:03 +00:00			`owner: '{{ item.user }}'`
			`with_items: '{{ privatekeytodeploy }}'`
improve ssh key managemnt 2020-03-01 20:06:02 +00:00
			`- name: Deploy SSH-Keys to remote host`
style: correct ansible lint 2022-12-10 17:51:03 +00:00			`ansible.posix.authorized_key:`
			`user: '{{ item.user }}'`
			`key: '{{ item.sshkey }}'`
linting 2022-02-13 08:40:15 +00:00			`exclusive: false`
style: correct ansible lint 2022-12-10 17:51:03 +00:00			`with_items: '{{ keystodeploy }}'`
linting 2022-02-13 08:40:15 +00:00			`become: true`
migrate ssh config in system 2020-03-02 20:19:09 +00:00
style: correct ansible lint 2022-12-10 17:51:03 +00:00			`- name: Les connexions par mot de passe sont désactivées`
linting 2022-02-13 08:40:15 +00:00			`become: true`
style: correct ansible lint 2022-12-10 17:51:03 +00:00			`ansible.builtin.lineinfile:`
fix issue with .ssh directory not existing 2021-07-10 12:40:17 +00:00			`dest: /etc/ssh/sshd_config`
style: correct ansible lint 2022-12-10 17:51:03 +00:00			`regexp: '^#?PasswordAuthentication'`
			`line: 'PasswordAuthentication no'`
migrate ssh config in system 2020-03-02 20:19:09 +00:00			`state: present`
			`notify: Restart sshd`

			`- name: Remove root SSH access`
linting 2022-02-13 08:40:15 +00:00			`become: true`
style: correct ansible lint 2022-12-10 17:51:03 +00:00			`ansible.builtin.lineinfile:`
fix issue with .ssh directory not existing 2021-07-10 12:40:17 +00:00			`dest: /etc/ssh/sshd_config`
style: correct ansible lint 2022-12-10 17:51:03 +00:00			`regexp: '^PermitRootLogin'`
			`line: 'PermitRootLogin no'`
migrate ssh config in system 2020-03-02 20:19:09 +00:00			`state: present`
			`notify: Restart sshd`