29 lines
733 B
YAML
29 lines
733 B
YAML
---
|
|
|
|
- name: Disable SSH root login without password
|
|
lineinfile:
|
|
path: /etc/ssh/sshd_config
|
|
regexp: '^#?PermitRootLogin .*$'
|
|
line: "PermitRootLogin prohibit-password"
|
|
state: present
|
|
validate: '/usr/sbin/sshd -t -f %s'
|
|
notify: restart ssh
|
|
|
|
- name: Disable PasswordAuthentication
|
|
lineinfile:
|
|
path: /etc/ssh/sshd_config
|
|
regexp: '^#PasswordAuthentication .*$'
|
|
line: "PasswordAuthentication no"
|
|
state: present
|
|
validate: '/usr/sbin/sshd -t -f %s'
|
|
notify: restart ssh
|
|
|
|
- name: Disable X11 forwarding
|
|
lineinfile:
|
|
path: /etc/ssh/sshd_config
|
|
regexp: '^#?X11Forwarding .*$'
|
|
line: "X11Forwarding no"
|
|
state: present
|
|
validate: '/usr/sbin/sshd -t -f %s'
|
|
notify: restart ssh
|