2019-02-03 00:33:49 +00:00
|
|
|
- name: "Install ssh daemon using package: {{ sshd_package }}"
|
2019-01-02 02:44:19 +00:00
|
|
|
package:
|
|
|
|
|
name: "{{ sshd_package }}"
|
|
|
|
|
state: present
|
2019-05-24 22:33:10 +00:00
|
|
|
when: sshd_enabled | bool
|
2019-01-02 02:44:19 +00:00
|
|
|
|
2017-10-19 06:33:02 +00:00
|
|
|
- name: Disable root login with password
|
2018-09-20 00:44:42 +00:00
|
|
|
lineinfile:
|
|
|
|
|
dest: /etc/ssh/sshd_config
|
|
|
|
|
regexp: '^PermitRootLogin'
|
|
|
|
|
line: 'PermitRootLogin without-password'
|
|
|
|
|
state: present
|
2019-05-24 22:33:10 +00:00
|
|
|
when: sshd_enabled | bool
|
2017-05-27 18:09:50 +00:00
|
|
|
#TODO: use handler to reload ssh
|
|
|
|
|
|
2018-09-20 00:55:28 +00:00
|
|
|
- name: Create root .ssh
|
|
|
|
|
file:
|
|
|
|
|
path: /root/.ssh
|
|
|
|
|
owner: root
|
|
|
|
|
group: root
|
|
|
|
|
mode: 0700
|
|
|
|
|
state: directory
|
2019-05-24 22:33:10 +00:00
|
|
|
when: sshd_enabled | bool
|
2018-09-20 00:55:28 +00:00
|
|
|
|
|
|
|
|
- name: Install dummy root keys as placeholder
|
|
|
|
|
copy:
|
|
|
|
|
src: dummy_authorized_keys
|
|
|
|
|
dest: /root/.ssh/authorized_keys
|
|
|
|
|
owner: root
|
|
|
|
|
group: root
|
|
|
|
|
mode: 0600
|
|
|
|
|
force: no
|
2019-05-24 22:33:10 +00:00
|
|
|
when: sshd_enabled | bool
|
2018-09-20 00:55:28 +00:00
|
|
|
|
2019-01-02 02:58:30 +00:00
|
|
|
- name: Enable & start ssh daemon
|
2018-09-20 00:44:42 +00:00
|
|
|
service:
|
|
|
|
|
name: "{{ sshd_service }}"
|
|
|
|
|
enabled: yes
|
|
|
|
|
state: started
|
2019-05-24 22:33:10 +00:00
|
|
|
when: sshd_enabled | bool
|
2017-05-27 18:09:50 +00:00
|
|
|
|
2019-01-02 02:58:30 +00:00
|
|
|
- name: Disable ssh daemon
|
2018-09-20 00:44:42 +00:00
|
|
|
service:
|
|
|
|
|
name: "{{ sshd_service }}"
|
|
|
|
|
enabled: no
|
|
|
|
|
state: stopped
|
2017-05-27 18:09:50 +00:00
|
|
|
when: not sshd_enabled
|
