---
# Install the automation public key for the service account.
# lookup('file', ...) reads the key file on the Ansible controller, not on
# the managed host. The result is registered because the tasks that turn
# off password and root logins are gated on `add_identity_key is success`.
- name: deploy ansible ssh key
  authorized_key:
    key: "{{ lookup('file', ansible_ssh_public_key_file) }}"
    user: "{{ service_account }}"
    state: present
  register: add_identity_key
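# Set "PermitEmptyPasswords no" in the sshd configuration file.
# lineinfile rewrites the last line matching regexp in place; when nothing
# matches, the line is added. insertbefore: BOF puts a newly added line at
# the top of the file, so it cannot end up inside a trailing Match block
# (where it would apply only conditionally), and sshd uses the first value
# it obtains for a keyword.
# NOTE(review): the regexp is case-sensitive and anchored at column 0, while
# sshd keywords are case-insensitive; differently cased or indented
# variants are not matched here.
- name: disable empty password ssh logins
  lineinfile:
    dest: "{{ sshd_config }}"
    regexp: '^PermitEmptyPasswords'
    line: 'PermitEmptyPasswords no'
    state: present
    insertbefore: BOF
  notify: restart_sshd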
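# Delete every PermitEmptyPasswords line whose value does not start with
# "no". With state: absent, lineinfile removes all lines matching regexp,
# so duplicate directives carrying another value are cleaned up.
# The task has its own name so that logs and --start-at-task can tell it
# apart from the task that writes the directive.
# NOTE(review): the pattern expects exactly one space after the keyword and
# the exact keyword case; a tab-separated or lowercase variant survives.
- name: remove conflicting PermitEmptyPasswords settings
  lineinfile:
    dest: "{{ sshd_config }}"
    regexp: '^PermitEmptyPasswords (?!no)'
    state: absent
  notify: restart_sshd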
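# Set "PasswordAuthentication no" in the sshd configuration file.
# Gated on add_identity_key so password logins are switched off only after
# the public key was deployed, which avoids locking the account out.
# insertbefore: BOF puts a newly added line at the top of the file, so it
# cannot end up inside a trailing Match block, and sshd uses the first
# value it obtains for a keyword.
# NOTE(review): keyboard-interactive authentication is a separate sshd
# option (KbdInteractiveAuthentication) that this task does not change;
# confirm it is disabled if password prompts through PAM must be blocked.
- name: disable password ssh logins
  lineinfile:
    dest: "{{ sshd_config }}"
    regexp: '^PasswordAuthentication'
    line: 'PasswordAuthentication no'
    state: present
    insertbefore: BOF
  when: add_identity_key is success
  notify: restart_sshd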
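# Delete every PasswordAuthentication line whose value does not start with
# "no". With state: absent, lineinfile removes all lines matching regexp.
# Gated on add_identity_key, like the task that writes the directive.
# The task has its own name so that logs and --start-at-task can tell the
# two apart.
# NOTE(review): the pattern expects exactly one space after the keyword and
# the exact keyword case; a tab-separated or lowercase variant survives.
- name: remove conflicting PasswordAuthentication settings
  lineinfile:
    dest: "{{ sshd_config }}"
    regexp: '^PasswordAuthentication (?!no)'
    state: absent
  when: add_identity_key is success
  notify: restart_sshd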
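# Set "PermitRootLogin no" in the sshd configuration file.
# Gated on add_identity_key so root login is closed only after the service
# account received its public key.
# insertbefore: BOF puts a newly added line at the top of the file, so it
# cannot end up inside a trailing Match block, and sshd uses the first
# value it obtains for a keyword.
# NOTE(review): the regexp is case-sensitive and anchored at column 0, while
# sshd keywords are case-insensitive; differently cased or indented
# variants are not matched here.
- name: disable ssh root login
  lineinfile:
    dest: "{{ sshd_config }}"
    regexp: '^PermitRootLogin'
    line: 'PermitRootLogin no'
    state: present
    insertbefore: BOF
  when: add_identity_key is success
  notify: restart_sshd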
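# Delete every PermitRootLogin line whose value does not start with "no"
# (for example "yes" or "prohibit-password"). With state: absent,
# lineinfile removes all lines matching regexp.
# Gated on add_identity_key, like the task that writes the directive.
# The task has its own name so that logs and --start-at-task can tell the
# two apart.
# NOTE(review): the pattern expects exactly one space after the keyword and
# the exact keyword case; a tab-separated or lowercase variant survives.
- name: remove conflicting PermitRootLogin settings
  lineinfile:
    dest: "{{ sshd_config }}"
    regexp: '^PermitRootLogin (?!no)'
    state: absent
  when: add_identity_key is success
  notify: restart_sshd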