sshd role added

72af8e0f · Chris Croome · 60cced38 · 72af8e0f
Commit 72af8e0f authored 7 years ago by Chris Croome
--- a/roles/sshd/tasks/main.yml
+++ b/roles/sshd/tasks/main.yml
+---
+- name: Ssh root login keys only 
+  lineinfile:
+    backup: yes
+    backrefs: yes
+    state: present
+    line: "PermitRootLogin prohibit-password"
+    regexp: "^PermitRootLogin"
+    dest: "/etc/ssh/sshd_config"
+
+- name: Tunneled clear text passwords disabled
+  lineinfile:
+    backup: yes
+    backrefs: yes
+    state: present
+    line: "PasswordAuthentication no"
+    regexp: "^#?PasswordAuthentication"
+    dest: "/etc/ssh/sshd_config"
+
+- name: Public key based logins only
+  lineinfile:
+    backup: yes
+    state: present
+    line: "AuthenticationMethods publickey"
+    regexp: "^AuthenticationMethods"
+    insertafter: "^#?PubkeyAuthentication"
+    dest: "/etc/ssh/sshd_config"
+
+- name: Sshd restarted
+  service:
+    name: ssh
+    state: restarted