mirror of
https://github.com/iiab/iiab.git
synced 2025-02-13 19:52:06 +00:00
46 lines
926 B
YAML
46 lines
926 B
YAML
- name: Install ssh daemon
|
|
package:
|
|
name: "{{ sshd_package }}"
|
|
state: present
|
|
when: sshd_enabled
|
|
|
|
- name: Disable root login with password
|
|
lineinfile:
|
|
dest: /etc/ssh/sshd_config
|
|
regexp: '^PermitRootLogin'
|
|
line: 'PermitRootLogin without-password'
|
|
state: present
|
|
#TODO: use handler to reload ssh
|
|
|
|
- name: Create root .ssh
|
|
file:
|
|
path: /root/.ssh
|
|
owner: root
|
|
group: root
|
|
mode: 0700
|
|
state: directory
|
|
when: sshd_enabled
|
|
|
|
- name: Install dummy root keys as placeholder
|
|
copy:
|
|
src: dummy_authorized_keys
|
|
dest: /root/.ssh/authorized_keys
|
|
owner: root
|
|
group: root
|
|
mode: 0600
|
|
force: no
|
|
when: sshd_enabled
|
|
|
|
- name: Enable & start sshd
|
|
service:
|
|
name: "{{ sshd_service }}"
|
|
enabled: yes
|
|
state: started
|
|
when: sshd_enabled
|
|
|
|
- name: Disable sshd
|
|
service:
|
|
name: "{{ sshd_service }}"
|
|
enabled: no
|
|
state: stopped
|
|
when: not sshd_enabled
|