Add things
This commit is contained in:
Uumas
6
roles/ssh/handlers/main.yml
Normal file
6
roles/ssh/handlers/main.yml
Normal file
@@ -0,0 +1,6 @@
|
||||
---
|
||||
|
||||
- name: restart ssh
|
||||
systemd:
|
||||
name: ssh
|
||||
state: restarted
|
||||
28
roles/ssh/tasks/main.yml
Normal file
28
roles/ssh/tasks/main.yml
Normal file
@@ -0,0 +1,28 @@
|
||||
---
|
||||
|
||||
- name: Disable SSH root login without password
|
||||
lineinfile:
|
||||
path: /etc/ssh/sshd_config
|
||||
regexp: '^#?PermitRootLogin .*$'
|
||||
line: "PermitRootLogin prohibit-password"
|
||||
state: present
|
||||
validate: '/usr/sbin/sshd -t -f %s'
|
||||
notify: restart ssh
|
||||
|
||||
- name: Disable PasswordAuthentication
|
||||
lineinfile:
|
||||
path: /etc/ssh/sshd_config
|
||||
regexp: '^#PasswordAuthentication .*$'
|
||||
line: "PasswordAuthentication no"
|
||||
state: present
|
||||
validate: '/usr/sbin/sshd -t -f %s'
|
||||
notify: restart ssh
|
||||
|
||||
- name: Disable X11 forwarding
|
||||
lineinfile:
|
||||
path: /etc/ssh/sshd_config
|
||||
regexp: '^#?X11Forwarding .*$'
|
||||
line: "X11Forwarding no"
|
||||
state: present
|
||||
validate: '/usr/sbin/sshd -t -f %s'
|
||||
notify: restart ssh
|
||||
Reference in New Issue
Block a user