25개 이상의 토픽을 선택하실 수 없습니다.
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
- ---
- - hosts: all
- vars:
- conf: /etc/ssh/sshd_config
- sudo: yes
- tasks:
- # - name: find sshd_config
- # set_fact: conf={{item}}
- # # how to check remote files?
- # with_first_found:
- # - /etc/ssh/sshd_config
- # - /etc/sshd_config
- # - name: assert sshd_config found
- # assert: that="conf is defined"
- - name: Protocol 2
- lineinfile: dest={{conf}}
- regexp="^(#)?Protocol"
- line="Protocol 2"
- notify: restart sshd
- - name: PermitRootLogin no
- lineinfile: dest={{conf}}
- regexp="^(#)?PermitRootLogin"
- line="PermitRootLogin no"
- notify: restart sshd
- - name: RSAAuthentication no
- lineinfile: dest={{conf}}
- regexp="^(#)?RSAAuthentication"
- line="RSAAuthentication no"
- notify: restart sshd
- - name: PasswordAuthentication no
- lineinfile: dest={{conf}}
- regexp="^(#)?PasswordAuthentication"
- line="PasswordAuthentication no"
- notify: restart sshd
- - name: PermitEmptyPassword no
- lineinfile: dest={{conf}}
- regexp="^(#)?PermitEmptyPasswords"
- line="PermitEmptyPasswords no"
- notify: restart sshd
- - name: ChallengeResponseAuthentication no
- lineinfile: dest={{conf}}
- regexp="^(#)?ChallengeResponseAuthentication"
- line="ChallengeResponseAuthentication no"
- notify: restart sshd
- - name: UseDNS no
- lineinfile: dest={{conf}}
- regexp="^(#)?UseDNS"
- line="UseDNS no"
- notify: restart sshd
- - name: UsePAM no
- lineinfile: dest={{conf}}
- regexp="^(#)?UsePAM"
- line="UsePAM no"
- notify: restart sshd
-
- handlers:
- - name: restart sshd
- service: name=ssh state=restarted
|