From 2e5b51cc24b6f6c91e7f969fe14e3adc2d4e80f2 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sat, 21 Apr 2018 23:28:35 +0200 Subject: rename all .yaml to .yml --- roles/sshserver/handlers/main.yaml | 5 ----- roles/sshserver/handlers/main.yml | 5 +++++ roles/sshserver/tasks/main.yaml | 38 -------------------------------------- roles/sshserver/tasks/main.yml | 38 ++++++++++++++++++++++++++++++++++++++ 4 files changed, 43 insertions(+), 43 deletions(-) delete mode 100644 roles/sshserver/handlers/main.yaml create mode 100644 roles/sshserver/handlers/main.yml delete mode 100644 roles/sshserver/tasks/main.yaml create mode 100644 roles/sshserver/tasks/main.yml (limited to 'roles/sshserver')
diff --git a/roles/sshserver/handlers/main.yaml b/roles/sshserver/handlers/main.yaml
deleted file mode 100644
index 822887e3..00000000
--- a/roles/sshserver/handlers/main.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- name: restart ssh
- service:
- name: ssh
- state: restarted
diff --git a/roles/sshserver/handlers/main.yml b/roles/sshserver/handlers/main.yml
new file mode 100644
index 00000000..822887e3
--- /dev/null
+++ b/roles/sshserver/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart ssh
+ service:
+ name: ssh
+ state: restarted
diff --git a/roles/sshserver/tasks/main.yaml b/roles/sshserver/tasks/main.yaml
deleted file mode 100644
index 6d6cc59c..00000000
--- a/roles/sshserver/tasks/main.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
----
-- name: install ssh-server
- apt:
- name: openssh-server
- state: present
-
-- name: hardening ssh-server config
- lineinfile:
- regexp: "{{ item.regexp }}"
- line: "{{ item.line }}"
- dest: /etc/ssh/sshd_config
- mode: 0644
- with_items:
- - { regexp: "^#?\\s*IgnoreRhosts", line: "IgnoreRhosts yes" }
- - { regexp: "^#?\\s*PermitRootLogin", line: "PermitRootLogin without-password" }
- - { regexp: "^#?\\s*PubkeyAuthentication", line: "PubkeyAuthentication yes" }
- - { regexp: "^#?\\s*HostbasedAuthentication", line: "HostbasedAuthentication no" }
- - { regexp: "^#?\\s*PermitEmptyPasswords", line: "PermitEmptyPasswords no" }
- - { regexp: "^#?\\s*UseDNS", line: "UseDNS no" }
- notify: restart ssh
-
-- name: limit allowed users
- lineinfile:
- dest: /etc/ssh/sshd_config
- regexp: "^AllowUsers"
- line: "AllowUsers {{ ' '.join([ 'root' ] | union(sshserver_allowusers_group | default([])) | union(sshserver_allowusers_host | default([]))) }}"
- notify: restart ssh
-
-- name: install ssh keys for root
- authorized_key:
- user: root
- key: "{{ sshserver_root_keys }}"
- exclusive: yes
-
-- name: delete root password
- user:
- name: root
- password: "!"
diff --git a/roles/sshserver/tasks/main.yml b/roles/sshserver/tasks/main.yml
new file mode 100644
index 00000000..6d6cc59c
--- /dev/null
+++ b/roles/sshserver/tasks/main.yml
@@ -0,0 +1,38 @@
+---
+- name: install ssh-server
+ apt:
+ name: openssh-server
+ state: present
+
+- name: hardening ssh-server config
+ lineinfile:
+ regexp: "{{ item.regexp }}"
+ line: "{{ item.line }}"
+ dest: /etc/ssh/sshd_config
+ mode: 0644
+ with_items:
+ - { regexp: "^#?\\s*IgnoreRhosts", line: "IgnoreRhosts yes" }
+ - { regexp: "^#?\\s*PermitRootLogin", line: "PermitRootLogin without-password" }
+ - { regexp: "^#?\\s*PubkeyAuthentication", line: "PubkeyAuthentication yes" }
+ - { regexp: "^#?\\s*HostbasedAuthentication", line: "HostbasedAuthentication no" }
+ - { regexp: "^#?\\s*PermitEmptyPasswords", line: "PermitEmptyPasswords no" }
+ - { regexp: "^#?\\s*UseDNS", line: "UseDNS no" }
+ notify: restart ssh
+
+- name: limit allowed users
+ lineinfile:
+ dest: /etc/ssh/sshd_config
+ regexp: "^AllowUsers"
+ line: "AllowUsers {{ ' '.join([ 'root' ] | union(sshserver_allowusers_group | default([])) | union(sshserver_allowusers_host | default([]))) }}"
+ notify: restart ssh
+
+- name: install ssh keys for root
+ authorized_key:
+ user: root
+ key: "{{ sshserver_root_keys }}"
+ exclusive: yes
+
+- name: delete root password
+ user:
+ name: root
+ password: "!"
-- cgit v1.2.3