From 0593bc77057d402a7cd1d1293fa3dbeb06d17556 Mon Sep 17 00:00:00 2001 From: vincent Date: Mon, 2 Mar 2020 21:19:09 +0100 Subject: [PATCH] migrate ssh config in system --- handlers/main.yml | 3 ++- tasks/ssh.yml | 20 ++++++++++++++++++++ 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/handlers/main.yml b/handlers/main.yml index 60a62ac..d03924c 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -10,4 +10,5 @@ pacman: update_cache=yes - name: Restart sshd - service: name=sshd state=restarted \ No newline at end of file + service: name=sshd state=restarted + become: yes diff --git a/tasks/ssh.yml b/tasks/ssh.yml index d6525af..e7eb000 100644 --- a/tasks/ssh.yml +++ b/tasks/ssh.yml @@ -31,3 +31,23 @@ user: "{{user.name}}" key: "{{ keystodeploy|map(attribute='sshkey')|join('\n') }}" exclusive: true + + + +- name : les connexions par mot de passe sont désactivées + become: yes + lineinfile : + dest: /etc/ssh/sshd_config + regexp: "^#?PasswordAuthentication" + line: "PasswordAuthentication no" + state: present + notify: Restart sshd + +- name: Remove root SSH access + become: yes + lineinfile: + dest: /etc/ssh/sshd_config + regexp: "^PermitRootLogin" + line: "PermitRootLogin no" + state: present + notify: Restart sshd