Diffstat (limited to 'roles/sshd')
-rw-r--r-- | roles/sshd/tasks/main.yml | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml
index e638905b..9d35e750 100644
--- a/roles/sshd/tasks/main.yml
+++ b/roles/sshd/tasks/main.yml
@@ -5,20 +5,22 @@
 state: present
 - name: hardening ssh-server config
+ vars:
+ sshd_options:
+ IgnoreRhosts: "yes"
+ PermitRootLogin: "without-password"
+ PubkeyAuthentication: "yes"
+ HostbasedAuthentication: "no"
+ PermitEmptyPasswords: "no"
+ UseDNS: "no"
+ loop: "{{ sshd_options | dict2items }}"
+ loop_control:
+ label: "{{ item.key }} = {{ item.value }}"
 lineinfile:
 regexp: "^#?\\s*{{ item.key }}"
 line: "{{ item.key }} {{ item.value }}"
 dest: /etc/ssh/sshd_config
 mode: 0644
- with_dict:
- IgnoreRhosts: "yes"
- PermitRootLogin: "without-password"
- PubkeyAuthentication: "yes"
- HostbasedAuthentication: "no"
- PermitEmptyPasswords: "no"
- UseDNS: "no"
- loop_control:
- label: "{{ item.key }}"
 notify: restart ssh
 - name: limit allowed users |
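Review bot: The `lineinfile` task still edits `/etc/ssh/sshd_config` without a `validate:` step, so a line sshd cannot parse goes straight to the `restart ssh` handler and can cost remote access to the host. Adding `validate: /usr/sbin/sshd -t -f %s` (binary path adjusted to the target distro) makes Ansible test the candidate file before it replaces the live one. The unchanged `regexp: "^#?\\s*{{ item.key }}"` has no terminator after the key, and `lineinfile` rewrites only the last matching line or appends at end of file when nothing matches, whereas sshd applies the first occurrence of a keyword and scopes anything after a `Match` line to that block, so the hardened values may not be the effective ones; comparing against `sshd -T` output after the run would confirm. `without-password` is the deprecated spelling of `prohibit-password` in newer OpenSSH releases and is worth switching if all managed hosts accept the new name.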