homeserver/roles/mgrote.deactivate_ssh_password_login/tasks/main.yml

32 lines
884 B
YAML
Raw Normal View History

2020-08-18 11:57:53 +02:00
---
- name: prohibit ssh login with password
become: yes
ansible.builtin.lineinfile:
2020-08-18 11:57:53 +02:00
path: /etc/ssh/sshd_config
regexp: '#PasswordAuthentication yes'
line: 'PasswordAuthentication no'
state: present
validate: "/usr/sbin/sshd -T -f %s"
2020-08-18 11:57:53 +02:00
notify: restart_sshd
- name: prohibit ssh login with password
become: yes
ansible.builtin.lineinfile:
path: /etc/ssh/sshd_config
regexp: 'PasswordAuthentication yes'
line: 'PasswordAuthentication no'
state: present
validate: "/usr/sbin/sshd -T -f %s"
notify: restart_sshd
- name: prohibit ssh root login with password
become: yes
ansible.builtin.lineinfile:
path: /etc/ssh/sshd_config
regexp: 'PermitRootLogin yes'
line: 'PermitRootLogin no'
state: present
validate: "/usr/sbin/sshd -T -f %s"
notify: restart_sshd