sshd.yml 1022 Bytes
---
# Make sure the OpenSSH server package is present before any of the
# sshd_config edits below run. Package installation needs root, hence become.
- name: Installed sshd
  become: true
  dnf:
    name: openssh-server
    state: installed

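# Force "PermitEmptyPasswords no" in the main sshd configuration.
#
# The pattern is anchored to the directive itself (active or commented out).
# An unanchored ".*PermitEmptyPasswords.*" also matches prose comments that
# merely mention the keyword; lineinfile rewrites the LAST matching line, so
# an earlier active "PermitEmptyPasswords yes" could survive untouched, and
# sshd uses the first value it reads for each keyword.
#
# NOTE(review): if the directive is absent, lineinfile appends at end of file.
# Should the file end inside a "Match" block, the setting would only apply to
# that block. Settings read earlier (e.g. from an Include'd drop-in) also take
# precedence. Confirm the effective value with "sshd -T" after deployment.
- name: Disable empty password login
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: '^\s*#?\s*PermitEmptyPasswords\b'
    line: 'PermitEmptyPasswords no'
    backup: true
  notify: restart sshd
  become: true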

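# Force "PermitRootLogin no" in the main sshd configuration.
#
# The pattern is anchored to the directive itself (active or commented out).
# An unanchored ".*PermitRootLogin.*" also matches explanatory comments that
# quote the keyword. lineinfile rewrites only the LAST matching line, so a
# comment further down the file could be replaced while an earlier active
# "PermitRootLogin yes" stays in force (sshd keeps the first value it reads).
#
# NOTE(review): if the directive is absent, lineinfile appends at end of file.
# Should the file end inside a "Match" block, the setting would only apply to
# that block. Settings read earlier (e.g. from an Include'd drop-in) also take
# precedence. Confirm the effective value with "sshd -T" after deployment.
- name: Disable remote root login
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: '^\s*#?\s*PermitRootLogin\b'
    line: 'PermitRootLogin no'
    backup: true
  notify: restart sshd
  become: true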

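# Allow tun(4) device forwarding over SSH by setting "PermitTunnel yes".
#
# The pattern is anchored to the directive (active or commented out) so that
# a comment merely mentioning PermitTunnel is never the line that gets
# rewritten; lineinfile replaces only the last matching line.
#
# NOTE(review): "yes" permits both layer-2 and layer-3 tunnels for every
# account that can log in. If only one mode or a few accounts need it,
# consider "point-to-point" / "ethernet" or scoping the directive in a Match
# block. This task keeps the original value. As with the other directives,
# a line appended after a trailing Match block only applies to that block.
- name: Enable tunnel
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: '^\s*#?\s*PermitTunnel\b'
    line: 'PermitTunnel yes'
    backup: true
  notify:
  - enable sshd
  - restart sshd
  become: true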

# - name: always start sshd
#   command: chkconfig sshd on

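# Ensure sshd offers its Ed25519 host key (the task name is kept as-is even
# though the edit is a HostKey line, not a curve/KEX setting).
#
# The pattern requires whitespace right after "HostKey". The looser
# "HostKey.*ed25519.*" also matches a "HostKeyAlgorithms ...ed25519..." line,
# and because lineinfile rewrites the last match, that algorithm list could be
# overwritten with the HostKey path.
#
# NOTE(review): nothing here checks that the key file exists; presumably it is
# generated elsewhere (package scripts or first service start). Verify.
- name: Add curves
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: '^\s*#?\s*HostKey\s+.*ed25519'
    line: 'HostKey /etc/ssh/ssh_host_ed25519_key'
    backup: true
  notify: restart sshd
  become: true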

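# Force "UsePAM yes" in the main sshd configuration.
#
# The pattern is anchored to the directive itself (active or commented out).
# The unanchored ".*UsePAM .*" also matches prose such as a warning comment
# that quotes 'UsePAM no'. lineinfile rewrites only the last matching line,
# so the wrong line could be edited while an earlier active value stays in
# force (sshd keeps the first value it reads).
#
# NOTE(review): with PAM enabled, keyboard-interactive authentication is
# governed by the PAM stack. Check that this does not reopen password logins
# for accounts the other tasks are meant to lock down. Confirm the effective
# settings with "sshd -T" after deployment.
- name: enable PAM
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: '^\s*#?\s*UsePAM\b'
    line: 'UsePAM yes'
    backup: true
  become: true
  notify: restart sshd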