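---
# Harden sshd on every inventory host: key-only logins, no direct root login.
#
# Review notes:
#   * Every edit is checked with `sshd -t` before it replaces the live file,
#     so a config that sshd rejects is never written and then picked up by
#     the restart (which would cut off the SSH channel Ansible itself uses).
#   * sshd is restarted from a handler, i.e. only when a task reported a
#     change, instead of unconditionally on every run.
#   * The regexps match only uncommented directives at the start of a line.
#     When none exists, lineinfile appends the line at the end of the file;
#     if the file ends with a `Match` block, the setting then applies only
#     inside that block. sshd also keeps the first value it reads for a
#     keyword, so an earlier line or an Include'd drop-in can still win.
#     Check the effective settings with `sshd -T` after the run.
#   * Confirm key-based login works for the connecting account before
#     applying this play, since password logins stop working afterwards.
- name: Disable root and password SSH login
  hosts: all
  become: true
  gather_facts: true

  tasks:
    - name: Ensure PermitRootLogin is disabled
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^PermitRootLogin'
        line: 'PermitRootLogin no'
        state: present
        # Reject the edit if sshd cannot parse the resulting file.
        validate: /usr/sbin/sshd -t -f %s
      notify: Restart SSH

    - name: Disable password authentication
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^PasswordAuthentication'
        line: 'PasswordAuthentication no'
        state: present
        validate: /usr/sbin/sshd -t -f %s
      notify: Restart SSH

    # Keyboard-interactive logins can still prompt for a password (e.g. via
    # PAM), so they are disabled alongside PasswordAuthentication. On
    # OpenSSH 8.7 and later this keyword is a deprecated alias of
    # KbdInteractiveAuthentication.
    - name: Disable challenge response authentication
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^ChallengeResponseAuthentication'
        line: 'ChallengeResponseAuthentication no'
        state: present
        validate: /usr/sbin/sshd -t -f %s
      notify: Restart SSH

    - name: Ensure PubkeyAuthentication enabled
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^PubkeyAuthentication'
        line: 'PubkeyAuthentication yes'
        state: present
        validate: /usr/sbin/sshd -t -f %s
      notify: Restart SSH

  handlers:
    # Runs once at the end of the play, and only if a task above changed
    # sshd_config.
    # NOTE(review): `ssh` is the Debian/Ubuntu service name; other
    # distributions commonly use `sshd` - confirm against the inventory.
    - name: Restart SSH
      ansible.builtin.service:
        name: ssh
        state: restarted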