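---
# SSH tasks: install the SSH suite, lay down per-user and root client
# configs, deploy private and authorized keys, then lock down sshd.
#
# Variables consumed (defined elsewhere in the role/play):
#   system_ssh_package  - package name of the SSH suite on the target OS
#   user.name           - primary login user whose ~/.ssh is managed
#   privatekeytodeploy  - list of mappings with keys: user, keyfile, privatekey
#   keystodeploy        - list of mappings with keys: user, sshkey
# Handler expected to exist: "Restart sshd".
#
# File modes are quoted everywhere: an unquoted `0700` is parsed as an octal
# int by YAML 1.1 loaders, which happens to work but is fragile and is the
# form Ansible's own docs warn against.

- name: Ensure SSH instalation
  become: true
  ansible.builtin.package:
    name: '{{ system_ssh_package }}'
    state: present

- name: Ensure .ssh exist for user
  become: true
  ansible.builtin.file:
    state: directory
    path: '/home/{{ item }}/.ssh'
    owner: '{{ item }}'
    mode: '0700'
  with_items:
    - '{{ user.name }}'
    - ansible

- name: Copy ssh config for user
  become: true
  ansible.builtin.template:
    dest: '/home/{{ item }}/.ssh/config'
    src: 'ssh/config.j2'
    force: true
    remote_src: false
    mode: '0600'
    selevel: s0
    owner: '{{ item }}'
  with_items:
    - '{{ user.name }}'
    - ansible

- name: Ensure root ssh directory exist
  become: true
  ansible.builtin.file:
    state: directory
    path: '/root/.ssh'
    owner: 'root'
    mode: '0700'

- name: Copy ssh config for root
  become: true
  ansible.builtin.copy:
    dest: /root/.ssh/
    src: 'ssh/config'
    force: true
    remote_src: false
    mode: '0600'
    selevel: s0
    owner: 'root'

- name: Ensure key directory exist
  become: true
  ansible.builtin.file:
    state: directory
    path: '{{ item.keyfile | dirname }}'
    owner: '{{ item.user }}'
    mode: '0700'
  with_items: '{{ privatekeytodeploy }}'

# NOTE(review): item.privatekey is key material; it is expected to come from
# an encrypted source (e.g. vault), not a plaintext vars file -- confirm.
- name: Install ssh private key
  become: true
  # Keep the key out of task output, --diff output and callback logs.
  no_log: true
  ansible.builtin.copy:
    content: '{{ item.privatekey }}'
    dest: '{{ item.keyfile }}'
    mode: '0600'
    owner: '{{ item.user }}'
  with_items: '{{ privatekeytodeploy }}'

- name: Deploy SSH-Keys to remote host
  become: true
  ansible.posix.authorized_key:
    user: '{{ item.user }}'
    key: '{{ item.sshkey }}'
    # exclusive: false keeps keys already present in authorized_keys
    exclusive: false
  with_items: '{{ keystodeploy }}'

# The two sshd_config edits below share three safeguards:
#  - `regexp` accepts a leading '#' so the distribution's commented default
#    is replaced in place instead of a second directive being appended;
#  - when nothing matches, the line goes above the first `Match` block
#    (`insertbefore` + `firstmatch`): a directive appended at EOF after a
#    Match block would only apply inside that block;
#  - `validate` runs `sshd -t` on the candidate file so an unparsable
#    config is never written, avoiding a lockout when sshd restarts.
# NOTE(review): on distributions whose sshd_config starts with
# `Include /etc/ssh/sshd_config.d/*.conf`, a drop-in there can set
# PasswordAuthentication/PermitRootLogin first and win (sshd keeps the
# first value it reads); check for such drop-ins on the targets.
- name: Les connexions par mot de passe sont désactivées
  become: true
  ansible.builtin.lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: '^#?PasswordAuthentication'
    line: 'PasswordAuthentication no'
    state: present
    insertbefore: '^Match'
    firstmatch: true
    validate: '/usr/sbin/sshd -t -f %s'
  notify: Restart sshd

- name: Remove root SSH access
  become: true
  ansible.builtin.lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: '^#?PermitRootLogin'
    line: 'PermitRootLogin no'
    state: present
    insertbefore: '^Match'
    firstmatch: true
    validate: '/usr/sbin/sshd -t -f %s'
  notify: Restart sshd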