
sshd_config.yml 1.7 KiB

  1. ---
  2. - hosts: all
  3. vars:
  4. conf: /etc/ssh/sshd_config
  5. sudo: yes
  6. tasks:
  7. # - name: find sshd_config
  8. # set_fact: conf={{item}}
  9. # # how to check remote files?
  10. # with_first_found:
  11. # - /etc/ssh/sshd_config
  12. # - /etc/sshd_config
  13. # - name: assert sshd_config found
  14. # assert: that="conf is defined"
  15. - name: Protocol 2
  16. lineinfile: dest={{conf}}
  17. regexp="^(#)?Protocol"
  18. line="Protocol 2"
  19. notify: restart sshd
  20. - name: PermitRootLogin no
  21. lineinfile: dest={{conf}}
  22. regexp="^(#)?PermitRootLogin"
  23. line="PermitRootLogin no"
  24. notify: restart sshd
  25. - name: RSAAuthentication no
  26. lineinfile: dest={{conf}}
  27. regexp="^(#)?RSAAuthentication"
  28. line="RSAAuthentication no"
  29. notify: restart sshd
  30. - name: PasswordAuthentication no
  31. lineinfile: dest={{conf}}
  32. regexp="^(#)?PasswordAuthentication"
  33. line="PasswordAuthentication no"
  34. notify: restart sshd
  35. - name: PermitEmptyPassword no
  36. lineinfile: dest={{conf}}
  37. regexp="^(#)?PermitEmptyPasswords"
  38. line="PermitEmptyPasswords no"
  39. notify: restart sshd
  40. - name: ChallengeResponseAuthentication no
  41. lineinfile: dest={{conf}}
  42. regexp="^(#)?ChallengeResponseAuthentication"
  43. line="ChallengeResponseAuthentication no"
  44. notify: restart sshd
  45. - name: UseDNS no
  46. lineinfile: dest={{conf}}
  47. regexp="^(#)?UseDNS"
  48. line="UseDNS no"
  49. notify: restart sshd
  50. - name: UsePAM no
  51. lineinfile: dest={{conf}}
  52. regexp="^(#)?UsePAM"
  53. line="UsePAM no"
  54. notify: restart sshd
  55. handlers:
  56. - name: restart sshd
  57. service: name=ssh state=restarted