author | Christian Pointner <equinox@spreadspace.org> | 2017-12-07 17:59:15 +0100 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2017-12-07 17:59:15 +0100 |
commit | 4bce4e54c4e97d0fa4128dee67f57ba33ef6a2b0 (patch) | |
tree | 075209f7a8267637f0a7f6f285244a62eec75727 /roles/sshserver/tasks | |
parent | cleaned upgrade role (diff) |
harmonized yaml syntax
Diffstat (limited to 'roles/sshserver/tasks')
-rw-r--r-- | roles/sshserver/tasks/main.yaml | 22 |
1 files changed, 12 insertions, 10 deletions
diff --git a/roles/sshserver/tasks/main.yaml b/roles/sshserver/tasks/main.yaml
index 52a36343..d2c5c9f0 100644
--- a/roles/sshserver/tasks/main.yaml
+++ b/roles/sshserver/tasks/main.yaml
@@ -1,6 +1,8 @@
 ---
 - name: install ssh-server
- apt: name=openssh-server state=present
+ apt:
+ name: openssh-server
+ state: present
 
 - name: hardening ssh-server config
 lineinfile:
@@ -9,17 +11,17 @@
 dest: /etc/ssh/sshd_config
 mode: 0644
 with_items:
- - { "regexp": "^#?\\s*IgnoreRhosts", "line": "IgnoreRhosts yes" }
- - { "regexp": "^#?\\s*PermitRootLogin", "line": "PermitRootLogin without-password" }
- - { "regexp": "^#?\\s*PubkeyAuthentication", "line": "PubkeyAuthentication yes" }
- - { "regexp": "^#?\\s*HostbasedAuthentication", "line": "HostbasedAuthentication no" }
- - { "regexp": "^#?\\s*PermitEmptyPasswords", "line": "PermitEmptyPasswords no" }
- - { "regexp": "^#?\\s*UseDNS", "line": "UseDNS no" }
+ - { regexp: "^#?\\s*IgnoreRhosts", line: "IgnoreRhosts yes" }
+ - { regexp: "^#?\\s*PermitRootLogin", line: "PermitRootLogin without-password" }
+ - { regexp: "^#?\\s*PubkeyAuthentication", line: "PubkeyAuthentication yes" }
+ - { regexp: "^#?\\s*HostbasedAuthentication", line: "HostbasedAuthentication no" }
+ - { regexp: "^#?\\s*PermitEmptyPasswords", line: "PermitEmptyPasswords no" }
+ - { regexp: "^#?\\s*UseDNS", line: "UseDNS no" }
 notify: restart ssh
 
 - name: limit allowed users
 lineinfile:
- dest: /etc/ssh/sshd_config
- regexp: "^AllowUsers"
- line: "AllowUsers {{ ' '.join([ 'root' ] | union(sshserver_allowusers_group | default([])) | union(sshserver_allowusers_host | default([]))) }}"
+ dest: /etc/ssh/sshd_config
+ regexp: "^AllowUsers"
+ line: "AllowUsers {{ ' '.join([ 'root' ] | union(sshserver_allowusers_group | default([])) | union(sshserver_allowusers_host | default([]))) }}"
 notify: restart ssh
|
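Review bot: The `limit allowed users` task at the end of the second hunk writes a templated `AllowUsers` line into /etc/ssh/sshd_config without a `validate` step, so a malformed entry in `sshserver_allowusers_group` or `sshserver_allowusers_host` is only noticed when the `restart ssh` handler runs. A failed restart can leave the host without a running sshd, so adding `validate: "/usr/sbin/sshd -t -f %s"` to this lineinfile would let Ansible reject the edit before the file is replaced. The same probably applies to the `hardening ssh-server config` task, but its first options lie between the two hunks and are not visible here. Separately, `mode: 0644` is safer written as `mode: "0644"` so the value cannot be read as a decimal integer.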