|
@@ -1,58 +0,0 @@ |
|
|
--- |
|
|
|
|
|
- hosts: all |
|
|
|
|
|
vars: |
|
|
|
|
|
conf: /etc/ssh/sshd_config |
|
|
|
|
|
sudo: yes |
|
|
|
|
|
tasks: |
|
|
|
|
|
# - name: find sshd_config |
|
|
|
|
|
# set_fact: conf={{item}} |
|
|
|
|
|
# # how to check remote files? |
|
|
|
|
|
# with_first_found: |
|
|
|
|
|
# - /etc/ssh/sshd_config |
|
|
|
|
|
# - /etc/sshd_config |
|
|
|
|
|
# - name: assert sshd_config found |
|
|
|
|
|
# assert: that="conf is defined" |
|
|
|
|
|
- name: Protocol 2 |
|
|
|
|
|
lineinfile: dest={{conf}} |
|
|
|
|
|
regexp="^(#)?Protocol" |
|
|
|
|
|
line="Protocol 2" |
|
|
|
|
|
notify: restart sshd |
|
|
|
|
|
- name: PermitRootLogin no |
|
|
|
|
|
lineinfile: dest={{conf}} |
|
|
|
|
|
regexp="^(#)?PermitRootLogin" |
|
|
|
|
|
line="PermitRootLogin no" |
|
|
|
|
|
notify: restart sshd |
|
|
|
|
|
- name: RSAAuthentication no |
|
|
|
|
|
lineinfile: dest={{conf}} |
|
|
|
|
|
regexp="^(#)?RSAAuthentication" |
|
|
|
|
|
line="RSAAuthentication no" |
|
|
|
|
|
notify: restart sshd |
|
|
|
|
|
- name: PasswordAuthentication no |
|
|
|
|
|
lineinfile: dest={{conf}} |
|
|
|
|
|
regexp="^(#)?PasswordAuthentication" |
|
|
|
|
|
line="PasswordAuthentication no" |
|
|
|
|
|
notify: restart sshd |
|
|
|
|
|
- name: PermitEmptyPassword no |
|
|
|
|
|
lineinfile: dest={{conf}} |
|
|
|
|
|
regexp="^(#)?PermitEmptyPasswords" |
|
|
|
|
|
line="PermitEmptyPasswords no" |
|
|
|
|
|
notify: restart sshd |
|
|
|
|
|
- name: ChallengeResponseAuthentication no |
|
|
|
|
|
lineinfile: dest={{conf}} |
|
|
|
|
|
regexp="^(#)?ChallengeResponseAuthentication" |
|
|
|
|
|
line="ChallengeResponseAuthentication no" |
|
|
|
|
|
notify: restart sshd |
|
|
|
|
|
- name: UseDNS no |
|
|
|
|
|
lineinfile: dest={{conf}} |
|
|
|
|
|
regexp="^(#)?UseDNS" |
|
|
|
|
|
line="UseDNS no" |
|
|
|
|
|
notify: restart sshd |
|
|
|
|
|
- name: UsePAM no |
|
|
|
|
|
lineinfile: dest={{conf}} |
|
|
|
|
|
regexp="^(#)?UsePAM" |
|
|
|
|
|
line="UsePAM no" |
|
|
|
|
|
notify: restart sshd |
|
|
|
|
|
|
|
|
|
|
|
handlers: |
|
|
|
|
|
- name: restart sshd |
|
|
|
|
|
service: name=ssh state=restarted |
|
|
|