14 lines
427 B
YAML
14 lines
427 B
YAML
---
|
|
- name: Ensure sshd config options set correctly
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/ssh/sshd_config
|
|
regexp: "^#?{{ item.key }} .*$"
|
|
line: "{{ item.key }} {{ item.value }}"
|
|
state: present
|
|
validate: '/usr/sbin/sshd -t -f %s'
|
|
notify: Restart sshd
|
|
with_dict:
|
|
PermitRootLogin: "prohibit-password"
|
|
PasswordAuthentication: "{{ 'yes' if ssh_password_auth else 'no' }}"
|
|
X11Forwarding: "no"
|