system/tasks/ssh.yml

- name: ensure SSH instalation
  become: true
  package:
    name: "{{ system_ssh_package }}"
    state: present
- name: ensure .ssh exist  for user
  become: true
  file:
    state: directory
    path: "/home/{{item}}/.ssh"
    owner: "{{item}}"
    mode: 0700
  with_items:
    - "{{user.name}}"
    - ansible

- name: copy  ssh config for user
  become: true
  template:
    dest: "/home/{{ item }}/.ssh/config"
    src: "ssh/config.j2"
    force: true
    remote_src: false
    mode: "600"
    selevel: s0
    owner: "{{ item }}"
  with_items:
    - "{{ user.name }}"
    - ansible
- name: ensure root ssh directory exist
  become: true
  file:
    state: directory
    path: "/root/.ssh"
    owner: "root"
    mode: 0700

- name: copy  ssh config for root
  become: true
  copy:
    dest: /root/.ssh/
    src: "ssh/config"
    force: true
    remote_src: false
    mode: "600"
    selevel: s0
    owner: "root"

- name: ensure key directory exist
  become: true
  file:
    state: directory
    path: "{{ item.keyfile | dirname }}"
    owner: "{{ item.user }}"
    mode: 0700
  with_items: "{{ privatekeytodeploy }}"

- name: Install ssh private key
  become: true
  copy:
    content: "{{ item.privatekey }}"
    dest: "{{ item.keyfile }}"
    mode: 0600
    owner: "{{ item.user }}"
  with_items: "{{ privatekeytodeploy }}"

- name: Deploy SSH-Keys to remote host
  authorized_key:
    user: "{{ item.user }}"
    key: "{{ item.sshkey }}"
    exclusive: false
  with_items: "{{ keystodeploy }}"
  become: true

- name: les connexions par mot de passe sont désactivées
  become: true
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: "^#?PasswordAuthentication"
    line: "PasswordAuthentication no"
    state: present
  notify: Restart sshd

- name: Remove root SSH access
  become: true
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: "^PermitRootLogin"
    line: "PermitRootLogin no"
    state: present
  notify: Restart sshd
custom SSH install 2022-10-23 13:28:33 +00:00			`- name: ensure SSH instalation`
			`become: true`
			`package:`
			`name: "{{ system_ssh_package }}"`
			`state: present`
add .ssh check 2022-11-06 18:10:26 +00:00			`- name: ensure .ssh exist for user`
			`become: true`
			`file:`
			`state: directory`
			`path: "/home/{{item}}/.ssh"`
			`owner: "{{item}}"`
			`mode: 0700`
			`with_items:`
			`- "{{user.name}}"`
configure ssh for ansible user 2022-11-11 16:49:55 +00:00			`- ansible`
add .ssh check 2022-11-06 18:10:26 +00:00
modify ssh key management 2021-04-20 08:18:56 +00:00			`- name: copy ssh config for user`
linting 2022-02-13 08:40:15 +00:00			`become: true`
template config ssh 2022-07-26 17:50:17 +00:00			`template:`
add .ssh check 2022-11-06 18:10:26 +00:00			`dest: "/home/{{ item }}/.ssh/config"`
fix ssh config path 2022-10-08 07:15:42 +00:00			`src: "ssh/config.j2"`
linting 2022-02-13 08:40:15 +00:00			`force: true`
			`remote_src: false`
			`mode: "600"`
			`selevel: s0`
			`owner: "{{ item }}"`
improve ssh key managemnt 2020-03-01 20:06:02 +00:00			`with_items:`
linting 2022-02-13 08:40:15 +00:00			`- "{{ user.name }}"`
configure ssh for ansible user 2022-11-11 16:49:55 +00:00			`- ansible`
resolve conflict 2021-07-10 12:41:35 +00:00			`- name: ensure root ssh directory exist`
			`become: true`
			`file:`
			`state: directory`
			`path: "/root/.ssh"`
			`owner: "root"`
			`mode: 0700`

			`- name: copy ssh config for root`
linting 2022-02-13 08:40:15 +00:00			`become: true`
resolve conflict 2021-07-10 12:41:35 +00:00			`copy:`
linting 2022-02-13 08:40:15 +00:00			`dest: /root/.ssh/`
			`src: "ssh/config"`
			`force: true`
			`remote_src: false`
			`mode: "600"`
			`selevel: s0`
			`owner: "root"`
resolve conflict 2021-07-10 12:41:35 +00:00
fix issue with .ssh directory not existing 2021-07-10 12:40:17 +00:00			`- name: ensure key directory exist`
			`become: true`
			`file:`
			`state: directory`
			`path: "{{ item.keyfile \| dirname }}"`
linting 2022-02-13 08:40:15 +00:00			`owner: "{{ item.user }}"`
resolve conflict 2021-07-10 12:41:35 +00:00			`mode: 0700`
linting 2022-02-13 08:40:15 +00:00			`with_items: "{{ privatekeytodeploy }}"`
improve ssh key managemnt 2020-03-01 20:06:02 +00:00
modify ssh key management 2021-04-20 08:18:56 +00:00			`- name: Install ssh private key`
linting 2022-02-13 08:40:15 +00:00			`become: true`
fix issue with .ssh directory not existing 2021-07-10 12:40:17 +00:00			`copy:`
			`content: "{{ item.privatekey }}"`
modify ssh key management 2021-04-20 08:18:56 +00:00			`dest: "{{ item.keyfile }}"`
			`mode: 0600`
linting 2022-02-13 08:40:15 +00:00			`owner: "{{ item.user }}"`
			`with_items: "{{ privatekeytodeploy }}"`
improve ssh key managemnt 2020-03-01 20:06:02 +00:00
			`- name: Deploy SSH-Keys to remote host`
			`authorized_key:`
linting 2022-02-13 08:40:15 +00:00			`user: "{{ item.user }}"`
			`key: "{{ item.sshkey }}"`
			`exclusive: false`
			`with_items: "{{ keystodeploy }}"`
			`become: true`
migrate ssh config in system 2020-03-02 20:19:09 +00:00
fix issue with .ssh directory not existing 2021-07-10 12:40:17 +00:00			`- name: les connexions par mot de passe sont désactivées`
linting 2022-02-13 08:40:15 +00:00			`become: true`
fix issue with .ssh directory not existing 2021-07-10 12:40:17 +00:00			`lineinfile:`
			`dest: /etc/ssh/sshd_config`
migrate ssh config in system 2020-03-02 20:19:09 +00:00			`regexp: "^#?PasswordAuthentication"`
			`line: "PasswordAuthentication no"`
			`state: present`
			`notify: Restart sshd`

			`- name: Remove root SSH access`
linting 2022-02-13 08:40:15 +00:00			`become: true`
fix issue with .ssh directory not existing 2021-07-10 12:40:17 +00:00			`lineinfile:`
			`dest: /etc/ssh/sshd_config`
			`regexp: "^PermitRootLogin"`
			`line: "PermitRootLogin no"`
migrate ssh config in system 2020-03-02 20:19:09 +00:00			`state: present`
			`notify: Restart sshd`