- ---
- - hosts: all
- # vars:
- # conf: /etc/ssh/sshd_config
- sudo: yes
- tasks:
- - name: find sshd_config
- set_fact: conf={{item}}
- with_first_found:
- - /etc/ssh/sshd_config
- - /etc/sshd_config
- - name: assert sshd_config found
- assert: conf is defined
- - name: Protocol 2
- lineinfile: dest={{conf}}
- regexp="^(#)?Protocol"
- line="Protocol 2"
- notify: restart sshd
- - name: PermitRootLogin no
- lineinfile: dest={{conf}}
- regexp="^(#)?PermitRootLogin"
- line="PermitRootLogin no"
- notify: restart sshd
- - name: RSAAuthentication no
- lineinfile: dest={{conf}}
- regexp="^(#)?RSAAuthentication"
- line="RSAAuthentication no"
- notify: restart sshd
- - name: PasswordAuthentication no
- lineinfile: dest={{conf}}
- regexp="^(#)?PasswordAuthentication"
- line="PasswordAuthentication no"
- notify: restart sshd
- - name: PermitEmptyPassword no
- lineinfile: dest={{conf}}
- regexp="^(#)?PermitEmptyPasswords"
- line="PermitEmptyPasswords no"
- notify: restart sshd
- - name: ChallengeResponseAuthentication no
- lineinfile: dest={{conf}}
- regexp="^(#)?ChallengeResponseAuthentication"
- line="ChallengeResponseAuthentication no"
- notify: restart sshd
- - name: UseDNS no
- lineinfile: dest={{conf}}
- regexp="^(#)?UseDNS"
- line="UseDNS no"
- notify: restart sshd
-
- handlers:
- - name: restart sshd
- service: name=ssh state=restarted
|
