43 lines
1.0 KiB
YAML
43 lines
1.0 KiB
YAML
|
---
|
||
|
|
- name: Update SSH server configuration
|
||
|
|
hosts: your_target_host
|
||
|
|
become: yes
|
||
|
|
tasks:
|
||
|
|
- name: Disable empty password login
|
||
|
|
lineinfile:
|
||
|
|
path: /etc/ssh/sshd_config
|
||
|
|
regexp: '^PermitEmptyPasswords'
|
||
|
|
line: 'PermitEmptyPasswords no'
|
||
|
|
notify:
|
||
|
|
- Restart SSH
|
||
|
|
|
||
|
|
- name: Disable password authentication
|
||
|
|
lineinfile:
|
||
|
|
path: /etc/ssh/sshd_config
|
||
|
|
regexp: '^PasswordAuthentication'
|
||
|
|
line: 'PasswordAuthentication no'
|
||
|
|
notify:
|
||
|
|
- Restart SSH
|
||
|
|
|
||
|
|
- name: Update AuthorizedKeysFile
|
||
|
|
lineinfile:
|
||
|
|
path: /etc/ssh/sshd_config
|
||
|
|
regexp: '^AuthorizedKeysFile'
|
||
|
|
line: 'AuthorizedKeysFile .ssh/authorized_keys'
|
||
|
|
notify:
|
||
|
|
- Restart SSH
|
||
|
|
|
||
|
|
- name: Remove other AuthorizedKeysFile settings
|
||
|
|
replace:
|
||
|
|
path: /etc/ssh/sshd_config
|
||
|
|
regexp: '^AuthorizedKeysFile.*'
|
||
|
|
replace: ''
|
||
|
|
notify:
|
||
|
|
- Restart SSH
|
||
|
|
|
||
|
|
handlers:
|
||
|
|
- name: Restart SSH
|
||
|
|
service:
|
||
|
|
name: sshd
|
||
|
|
state: restarted
|