# Install the SSH package. Its name comes from `system_ssh_package`, which is
# defined outside this file.
- name: Ensure SSH instalation
  ansible.builtin.package:
    state: present
    name: "{{ system_ssh_package }}"
  become: true
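# Create the parent directory of every key file, owned by the target user and
# closed to everyone else. Each item of `privatekeytodeploy` is read for
# `keyfile` and `user` here (and `privatekey` in the copy task).
- name: Ensure key directory exist
  become: true
  ansible.builtin.file:
    path: '{{ item.keyfile | dirname }}'
    state: directory
    owner: '{{ item.user }}'
    # Quoted so the module always receives the string "0700" and the result
    # does not depend on how the YAML parser types a leading-zero number.
    mode: '0700'
  with_items: '{{ privatekeytodeploy }}'
  # Ansible prints the loop item with each result, and the item carries
  # `privatekey`. no_log keeps the key out of console output and logs, at the
  # cost of hiding this task's error details.
  no_log: true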
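# Write each private key to its destination, readable by the owner only.
# NOTE(review): confirm `privatekeytodeploy` is loaded from Ansible Vault or
# another secret store and never committed in clear text.
- name: Install ssh private key
  become: true
  ansible.builtin.copy:
    content: '{{ item.privatekey }}'
    dest: '{{ item.keyfile }}'
    owner: '{{ item.user }}'
    # Quoted so the module always receives the string "0600" and the result
    # does not depend on how the YAML parser types a leading-zero number.
    mode: '0600'
  with_items: '{{ privatekeytodeploy }}'
  # The loop item and the module arguments both contain the key material;
  # without no_log it appears in task output, in --diff output and in any
  # callback or log that records results.
  no_log: true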
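# Disable SSH password authentication in the main sshd configuration file.
# The regexp also matches the commented-out default, so that line is rewritten
# in place instead of a new line being appended at the end of the file.
# NOTE(review): sshd uses the first value it reads for a keyword. If
# sshd_config has an `Include` of drop-in files above this line, a drop-in
# that sets PasswordAuthentication takes precedence; verify with `sshd -T`.
# NOTE(review): keyboard-interactive authentication through PAM can still
# prompt for a password; check KbdInteractiveAuthentication as well.
- name: Les connexions par mot de passe sont désactivées
  become: true
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?PasswordAuthentication'
    line: 'PasswordAuthentication no'
    state: present
    # Syntax-check the edited copy before it replaces the live file, so a
    # broken configuration is never installed. Requires host keys to exist.
    validate: '/usr/sbin/sshd -t -f %s'
  notify: Restart sshd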
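# Forbid direct root logins over SSH.
# The regexp accepts an optional leading `#`, like the PasswordAuthentication
# task. Without it, a file that only has the commented-out default gets the
# line appended at the end, where it would fall inside a trailing `Match`
# block and apply only to that block.
# NOTE(review): sshd uses the first value it reads for a keyword, so an
# earlier `Include`d drop-in that sets PermitRootLogin still wins; verify
# the effective value with `sshd -T`.
- name: Remove root SSH access
  become: true
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?PermitRootLogin'
    line: 'PermitRootLogin no'
    state: present
    # Syntax-check the edited copy before it replaces the live file, so a
    # broken configuration is never installed. Requires host keys to exist.
    validate: '/usr/sbin/sshd -t -f %s'
  notify: Restart sshd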