From ecca55a1d546b3b913799f69e95d5cbc3078522c Mon Sep 17 00:00:00 2001
From: 10sr <8slashes+git@gmail.com>
Date: Mon, 4 Aug 2014 21:01:23 +0900
Subject: [PATCH] ansible: add sshd_config.yml
---
ansible/sshd_config.yml | 45 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 45 insertions(+)
create mode 100644 ansible/sshd_config.yml
diff --git a/ansible/sshd_config.yml b/ansible/sshd_config.yml
new file mode 100644
index 0000000..3586414
--- /dev/null
+++ b/ansible/sshd_config.yml
@@ -0,0 +1,45 @@
+---
+- hosts: all
+ vars:
+ conf: /etc/ssh/sshd_config
+ sudo: yes
+ tasks:
+ - name: Protocol 2
+ lineinfile: dest={{conf}}
+ regexp="^(#)?Protocol"
+ line="Protocol 2"
+ notify: restart sshd
+ - name: PermitRootLogin no
+ lineinfile: dest={{conf}}
+ regexp="^(#)?PermitRootLogin"
+ line="PermitRootLogin no"
+ notify: restart sshd
+ - name: RSAAuthentication no
+ lineinfile: dest={{conf}}
+ regexp="^(#)?RSAAuthentication"
+ line="RSAAuthentication no"
+ notify: restart sshd
+ - name: PasswordAuthentication no
+ lineinfile: dest={{conf}}
+ regexp="^(#)?PasswordAuthentication"
+ line="PasswordAuthentication no"
+ notify: restart sshd
+ - name: PermitEmptyPassword no
+ lineinfile: dest={{conf}}
+ regexp="^(#)?PermitEmptyPasswords"
+ line="PermitEmptyPasswords no"
+ notify: restart sshd
+ - name: ChallengeResponseAuthentication no
+ lineinfile: dest={{conf}}
+ regexp="^(#)?ChallengeResponseAuthentication"
+ line="ChallengeResponseAuthentication no"
+ notify: restart sshd
+ - name: UseDNS no
+ lineinfile: dest={{conf}}
+ regexp="^(#)?UseDNS"
+ line="UseDNS no"
+ notify: restart sshd
+
+ handlers:
+ - name: restart sshd
+ service: name=ssh state=restarted
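Review bot: Each of the seven `lineinfile` tasks rewrites only the last line matching its `regexp`, while sshd uses the first value it reads for a keyword, so an active `PasswordAuthentication yes` or `PermitRootLogin yes` that sits above a later commented example stays in effect even though the play reports the change. When nothing matches, the line is appended at end of file, which would put it inside a trailing `Match` block if the target's config has one. None of the tasks validates the file before the `restart sshd` handler fires; adding `validate="/usr/sbin/sshd -t -f %s"` to each task (binary path assumed, adjust per distribution) keeps a malformed edit from being written, and a final task that inspects `sshd -T` output would confirm the effective values. The task named `PermitEmptyPassword no` also differs from the directive it sets, `PermitEmptyPasswords`.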