iiab/roles/sshd/tasks/main.yml

- name: Install ssh daemon
  package:
    name: "{{ sshd_package }}"
    state: present
  when: sshd_enabled

- name: Disable root login with password
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: '^PermitRootLogin'
    line: 'PermitRootLogin without-password'
    state: present
#TODO: use handler to reload ssh

- name: Create root .ssh
  file:
    path: /root/.ssh
    owner: root
    group: root
    mode: 0700
    state: directory
  when: sshd_enabled

- name: Install dummy root keys as placeholder
  copy:
    src: dummy_authorized_keys
    dest: /root/.ssh/authorized_keys
    owner: root
    group: root
    mode: 0600
    force: no
  when: sshd_enabled

- name: Enable & start sshd
  service:
    name: "{{ sshd_service }}"
    enabled: yes
    state: started
  when: sshd_enabled

- name: Disable sshd
  service:
    name: "{{ sshd_service }}"
    enabled: no
    state: stopped
  when: not sshd_enabled
Update main.yml 2019-01-02 02:44:19 +00:00			`- name: Install ssh daemon`
			`package:`
			`name: "{{ sshd_package }}"`
			`state: present`
			`when: sshd_enabled`

Misc Fixes: Clean up whitespace warnings 2017-10-19 06:33:02 +00:00			`- name: Disable root login with password`
modern Ansible syntax in roles/sshd 2018-09-20 00:44:42 +00:00			`lineinfile:`
			`dest: /etc/ssh/sshd_config`
			`regexp: '^PermitRootLogin'`
			`line: 'PermitRootLogin without-password'`
			`state: present`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`#TODO: use handler to reload ssh`

Update main.yml 2018-09-20 00:55:28 +00:00			`- name: Create root .ssh`
			`file:`
			`path: /root/.ssh`
			`owner: root`
			`group: root`
			`mode: 0700`
			`state: directory`
			`when: sshd_enabled`

			`- name: Install dummy root keys as placeholder`
			`copy:`
			`src: dummy_authorized_keys`
			`dest: /root/.ssh/authorized_keys`
			`owner: root`
			`group: root`
			`mode: 0600`
			`force: no`
			`when: sshd_enabled`

Update main.yml 2018-09-20 00:47:46 +00:00			`- name: Enable & start sshd`
modern Ansible syntax in roles/sshd 2018-09-20 00:44:42 +00:00			`service:`
			`name: "{{ sshd_service }}"`
			`enabled: yes`
			`state: started`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`when: sshd_enabled`

			`- name: Disable sshd`
modern Ansible syntax in roles/sshd 2018-09-20 00:44:42 +00:00			`service:`
			`name: "{{ sshd_service }}"`
			`enabled: no`
			`state: stopped`
initial checkin -- May 27, 2017 2017-05-27 18:09:50 +00:00			`when: not sshd_enabled`