From 0593bc77057d402a7cd1d1293fa3dbeb06d17556 Mon Sep 17 00:00:00 2001
From: vincent <vincent@ducamps.win>
Date: Mon, 2 Mar 2020 21:19:09 +0100
Subject: [PATCH] migrate ssh config in system

---
 handlers/main.yml |  3 ++-
 tasks/ssh.yml     | 20 ++++++++++++++++++++
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/handlers/main.yml b/handlers/main.yml
index 60a62ac..d03924c 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -10,4 +10,5 @@
   pacman: update_cache=yes
 
 - name: Restart sshd
-  service: name=sshd state=restarted
\ No newline at end of file
+  service: name=sshd state=restarted
+  become: yes
diff --git a/tasks/ssh.yml b/tasks/ssh.yml
index d6525af..e7eb000 100644
--- a/tasks/ssh.yml
+++ b/tasks/ssh.yml
@@ -31,3 +31,23 @@
     user: "{{user.name}}"
     key: "{{ keystodeploy|map(attribute='sshkey')|join('\n') }}"
     exclusive: true
+
+
+
+- name : les connexions par mot de passe sont désactivées
+  become: yes
+  lineinfile : 
+    dest: /etc/ssh/sshd_config 
+    regexp: "^#?PasswordAuthentication"
+    line: "PasswordAuthentication no"
+    state: present
+  notify: Restart sshd
+
+- name: Remove root SSH access
+  become: yes
+  lineinfile: 
+    dest: /etc/ssh/sshd_config 
+    regexp: "^PermitRootLogin" 
+    line: "PermitRootLogin no" 
+    state: present
+  notify: Restart sshd