15 lines
470 B
YAML
15 lines
470 B
YAML
---
|
|
|
|
- name: Ensure sshd config options set correctly
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/ssh/sshd_config
|
|
regexp: "^#?{{ item.key }} .*$"
|
|
line: "{{ item.key }} {{ item.value }}"
|
|
state: present
|
|
validate: '/usr/sbin/sshd -t -f %s'
|
|
notify: Restart ssh
|
|
with_dict:
|
|
PermitRootLogin: 'prohibit-password'
|
|
PasswordAuthentication: "{{ 'yes' if sshd_password_auth else 'no' }}"
|
|
X11Forwarding: "{{ 'yes' if sshd_x11_forwarding else 'no' }}"
|