- name: copy ssh config for user become: true template: dest: "/home/{{item}}/.ssh" src: "ssh/config.j2" force: true remote_src: false mode: "600" selevel: s0 owner: "{{ item }}" with_items: - "{{ user.name }}" - name: ensure root ssh directory exist become: true file: state: directory path: "/root/.ssh" owner: "root" mode: 0700 - name: copy ssh config for root become: true copy: dest: /root/.ssh/ src: "ssh/config" force: true remote_src: false mode: "600" selevel: s0 owner: "root" - name: ensure key directory exist become: true file: state: directory path: "{{ item.keyfile | dirname }}" owner: "{{ item.user }}" mode: 0700 with_items: "{{ privatekeytodeploy }}" - name: Install ssh private key become: true copy: content: "{{ item.privatekey }}" dest: "{{ item.keyfile }}" mode: 0600 owner: "{{ item.user }}" with_items: "{{ privatekeytodeploy }}" - name: Deploy SSH-Keys to remote host authorized_key: user: "{{ item.user }}" key: "{{ item.sshkey }}" exclusive: false with_items: "{{ keystodeploy }}" become: true - name: les connexions par mot de passe sont désactivées become: true lineinfile: dest: /etc/ssh/sshd_config regexp: "^#?PasswordAuthentication" line: "PasswordAuthentication no" state: present notify: Restart sshd - name: Remove root SSH access become: true lineinfile: dest: /etc/ssh/sshd_config regexp: "^PermitRootLogin" line: "PermitRootLogin no" state: present notify: Restart sshd