diff options
author | Christian Pointner <equinox@spreadspace.org> | 2018-04-21 23:28:35 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2018-04-21 23:28:35 +0200 |
commit | 2e5b51cc24b6f6c91e7f969fe14e3adc2d4e80f2 (patch) | |
tree | 6cbb61b2f17061fee06306a3ec2e58e2fc3e87de /roles/sshserver/tasks/main.yaml | |
parent | updated google apt key (diff) |
rename all .yaml to .yml
Diffstat (limited to 'roles/sshserver/tasks/main.yaml')
-rw-r--r-- | roles/sshserver/tasks/main.yaml | 38 |
1 files changed, 0 insertions, 38 deletions
diff --git a/roles/sshserver/tasks/main.yaml b/roles/sshserver/tasks/main.yaml deleted file mode 100644 index 6d6cc59c..00000000 --- a/roles/sshserver/tasks/main.yaml +++ /dev/null @@ -1,38 +0,0 @@ ---- -- name: install ssh-server - apt: - name: openssh-server - state: present - -- name: hardening ssh-server config - lineinfile: - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" - dest: /etc/ssh/sshd_config - mode: 0644 - with_items: - - { regexp: "^#?\\s*IgnoreRhosts", line: "IgnoreRhosts yes" } - - { regexp: "^#?\\s*PermitRootLogin", line: "PermitRootLogin without-password" } - - { regexp: "^#?\\s*PubkeyAuthentication", line: "PubkeyAuthentication yes" } - - { regexp: "^#?\\s*HostbasedAuthentication", line: "HostbasedAuthentication no" } - - { regexp: "^#?\\s*PermitEmptyPasswords", line: "PermitEmptyPasswords no" } - - { regexp: "^#?\\s*UseDNS", line: "UseDNS no" } - notify: restart ssh - -- name: limit allowed users - lineinfile: - dest: /etc/ssh/sshd_config - regexp: "^AllowUsers" - line: "AllowUsers {{ ' '.join([ 'root' ] | union(sshserver_allowusers_group | default([])) | union(sshserver_allowusers_host | default([]))) }}" - notify: restart ssh - -- name: install ssh keys for root - authorized_key: - user: root - key: "{{ sshserver_root_keys }}" - exclusive: yes - -- name: delete root password - user: - name: root - password: "!" |