system/tasks/ssh.yml

---
# Install the shared SSH client configuration into the login user's ~/.ssh/.
# The trailing slash on dest makes copy treat it as a directory. Nothing in
# this file creates that directory explicitly (unlike /root/.ssh), so if copy
# has to create it, check that it ends up 0700 and owned by the user.
# NOTE(review): the path assumes the home directory is /home/<user.name>.
- name: copy ssh config for user
  become: true
  with_items:
    - '{{ user.name }}'
  copy:
    src: 'ssh/config'
    dest: '/home/{{ item }}/.ssh/'
    owner: '{{ item }}'
    mode: '600'  # read/write for the owner only
    selevel: s0
    force: true
    remote_src: false
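# Make sure /root/.ssh exists, owned by root and closed to everyone else,
# before the root SSH config is copied into it.
- name: ensure root ssh directory exist
  become: true
  file:
    state: directory
    path: "/root/.ssh"
    owner: "root"
    # Quoted so the mode reaches Ansible as a string and does not depend on
    # how the YAML loader reads a leading-zero integer.
    mode: "0700"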
# Install the same SSH client configuration for root. The source file is
# taken from the controller side (remote_src is false) and always overwrites
# the destination (force is true).
- name: copy ssh config for root
  become: true
  copy:
    src: 'ssh/config'
    dest: '/root/.ssh/'
    owner: 'root'
    mode: '600'  # read/write for the owner only
    selevel: s0
    force: true
    remote_src: false
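# Create the parent directory of every private key file, owned by the key's
# user and accessible to that user only.
- name: ensure key directory exist
  become: true
  file:
    state: directory
    path: "{{ item.keyfile | dirname }}"
    owner: "{{ item.user }}"
    mode: "0700"
  with_items: "{{ privatekeytodeploy }}"
  # Each loop item also carries the private key itself (item.privatekey), and
  # Ansible prints the loop item in task output. no_log keeps the key material
  # out of the console and of any log the run is written to.
  no_log: true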
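# Write each private key to its target path, readable by its owner only.
# NOTE(review): privatekeytodeploy holds secret material; presumably it is
# supplied encrypted (e.g. Ansible Vault) - confirm where it is defined.
- name: Install ssh private key
  become: true
  copy:
    content: "{{ item.privatekey }}"
    dest: "{{ item.keyfile }}"
    mode: "0600"
    owner: "{{ item.user }}"
  with_items: "{{ privatekeytodeploy }}"
  # The loop item and the module arguments both contain the private key, so
  # without no_log it is shown in task output (and in diff/verbose output).
  no_log: true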
# Add each public key from keystodeploy to the matching user's
# authorized_keys. exclusive is false, so keys already present in that file
# are kept rather than removed; stale keys are therefore not cleaned up here.
- name: Deploy SSH-Keys to remote host
  become: true
  with_items: '{{ keystodeploy }}'
  authorized_key:
    user: '{{ item.user }}'
    key: '{{ item.sshkey }}'
    exclusive: false
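# Disable SSH password logins (task name: "password logins are disabled").
# The regexp matches the directive whether or not it is commented out, so the
# stock line is rewritten in place.
# NOTE(review): sshd keeps the first value it reads for a keyword, so an
# earlier occurrence (including one pulled in through an Include line) would
# still win; `sshd -T` on the host shows the effective setting.
- name: les connexions par mot de passe sont désactivées
  become: true
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: "^#?PasswordAuthentication"
    line: "PasswordAuthentication no"
    state: present
    # If no line matches, add the directive ahead of the first Match block
    # instead of at end of file, where it would apply only inside that block.
    insertbefore: '^\s*[Mm]atch\s'
    firstmatch: true
    # Refuse to install a file sshd cannot parse, so a bad edit does not take
    # the daemon down on restart. Adjust the path if sshd lives elsewhere.
    validate: "/usr/sbin/sshd -t -f %s"
  notify: Restart sshd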
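# Forbid root logins over SSH.
# The regexp only matches an uncommented PermitRootLogin line; when the
# directive is absent or commented out, lineinfile adds a new line instead.
# NOTE(review): sshd keeps the first value it reads for a keyword, so an
# earlier occurrence (including one pulled in through an Include line) would
# still win; `sshd -T` on the host shows the effective setting.
- name: Remove root SSH access
  become: true
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: "^PermitRootLogin"
    line: "PermitRootLogin no"
    state: present
    # Add the new line ahead of the first Match block rather than at end of
    # file: a directive placed after "Match ..." applies only to that block,
    # which would leave root login at its default for everyone else.
    insertbefore: '^\s*[Mm]atch\s'
    firstmatch: true
    # Refuse to install a file sshd cannot parse, so a bad edit does not take
    # the daemon down on restart. Adjust the path if sshd lives elsewhere.
    validate: "/usr/sbin/sshd -t -f %s"
  notify: Restart sshd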