mg
2572f97fbc
Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: mg/ansible#221 Co-authored-by: mg <michael.grote@posteo.de> Co-committed-by: mg <michael.grote@posteo.de>
31 lines
884 B
YAML
31 lines
884 B
YAML
---
|
|
- name: prohibit ssh login with password
|
|
become: yes
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/ssh/sshd_config
|
|
regexp: '#PasswordAuthentication yes'
|
|
line: 'PasswordAuthentication no'
|
|
state: present
|
|
validate: "/usr/sbin/sshd -T -f %s"
|
|
notify: restart_sshd
|
|
|
|
- name: prohibit ssh login with password
|
|
become: yes
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/ssh/sshd_config
|
|
regexp: 'PasswordAuthentication yes'
|
|
line: 'PasswordAuthentication no'
|
|
state: present
|
|
validate: "/usr/sbin/sshd -T -f %s"
|
|
notify: restart_sshd
|
|
|
|
|
|
- name: prohibit ssh root login with password
|
|
become: yes
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/ssh/sshd_config
|
|
regexp: 'PermitRootLogin yes'
|
|
line: 'PermitRootLogin no'
|
|
state: present
|
|
validate: "/usr/sbin/sshd -T -f %s"
|
|
notify: restart_sshd
|