---
# file: tasks/ssh.yml
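# Install every public key listed in hosts_ssh_authorized_keys for the
# connection user (root when ansible_user is undefined).
- name: ssh - add ssh_authorized_keys to file ~/.ssh/authorized_keys
  # Native YAML arguments: each value reaches the module as one scalar
  # instead of being re-parsed out of a key=value string.
  authorized_key:
    user: "{{ ansible_user|default('root') }}"
    key: "{{ item }}"
  with_items: "{{ hosts_ssh_authorized_keys|default([]) }}"
  # NOTE(review): a malformed or rejected key is reported but does not stop
  # the play, so a host can silently end up without the expected key set.
  ignore_errors: true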
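# Record an RSA host key for every entry of hosts_ssh_public_hosts.
- name: ssh - add ssh_public_hosts keys to known_hosts
  known_hosts:
    name: "{{ item }}"
    # The pipe lookup hands this string to a shell on the control node, so
    # the host name is shell-quoted before it is appended to the command.
    # NOTE(review): ssh-keyscan records whatever key the network returns at
    # run time; that is trust-on-first-use, not verification. Where the real
    # host keys are known, pin them in inventory instead of scanning.
    key: "{{ lookup('pipe', 'ssh-keyscan -t rsa -H ' + (item | quote)) }}"
  with_items: "{{ hosts_ssh_public_hosts|default([]) }}"
  # NOTE(review): a failed scan is ignored, so the host may stay absent from
  # known_hosts without failing the play.
  ignore_errors: true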
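# Copy every private key listed in hosts_ssh_private_keys into ~/.ssh/,
# readable by the owner only.
- name: ssh - copy ssh_private_keys to ~/.ssh/
  copy:
    src: "{{ item }}"
    dest: '~/.ssh/'
    # Quoted so the mode stays the string "0400" in native YAML form.
    mode: '0400'
  # Keep private key material out of --diff output and anything that
  # captures it (CI logs, callback plugins).
  diff: false
  with_items: "{{ hosts_ssh_private_keys|default([]) }}"
  # NOTE(review): a key that fails to copy is ignored; later tasks relying
  # on it will only fail at connection time.
  ignore_errors: true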
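# Render ssh_config.j2 to the per-user client configuration file.
- name: ssh - update ~/.ssh/myos/config
  template:
    src: ssh_config.j2
    dest: '~/.ssh/myos/config'
    # Quoted: an unquoted 0400 only works because a YAML 1.1 parser reads
    # it as octal; the string form does not depend on the parser.
    mode: '0400'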
# Build the sshd_config fact: a list of (file, regex, replacement line)
# entries consumed by the stat and lineinfile tasks of this file.
- name: ssh - define sshd configuration
  set_fact:
    sshd_config:
      # dropbear: append "-b /etc/issue.net" to DROPBEAR_OPTS; the negative
      # lookahead skips a line that already carries the banner option.
      - dest: '/etc/conf.d/dropbear'
        regex: '^DROPBEAR_OPTS="((?!.*-b /etc/issue.net).*)"$'
        line: 'DROPBEAR_OPTS="\1 -b /etc/issue.net"'
      # OpenSSH: show /etc/issue.net before authentication.
      - dest: '/etc/ssh/sshd_config'
        regex: '^#?Banner'
        line: 'Banner /etc/issue.net'
      # OpenSSH: root may log in with a key, never with a password.
      # NOTE(review): the pattern only rewrites an existing (possibly
      # commented) PermitRootLogin line; confirm the target files have one.
      - dest: '/etc/ssh/sshd_config'
        regex: '^#?PermitRootLogin'
        line: 'PermitRootLogin prohibit-password'
# Probe each configuration file named in sshd_config and keep the results
# in sshd_config_stat, one entry per sshd_config item and in the same order.
- name: ssh - stat sshd configuration file
  stat:
    path: "{{ item.dest }}"
  with_items: "{{ sshd_config|default([]) }}"
  register: sshd_config_stat
  # Read-only probe: never report a change.
  changed_when: false
# Apply each sshd_config entry to its file, as a privileged user, but only
# when the matching stat result says the file exists.
- name: ssh - configure sshd
  become: true
  # item.0 is the sshd_config entry, item.1 the stat result for its dest.
  with_together:
    - "{{ sshd_config|default([]) }}"
    - "{{ sshd_config_stat.results }}"
  when: item.1.stat.exists
  lineinfile:
    dest: "{{ item.0.dest }}"
    regex: "{{ item.0.regex }}"
    line: "{{ item.0.line }}"
    # With backrefs enabled a regex that matches nothing leaves the file
    # untouched, so a setting missing from the file is not added.
    # NOTE(review): no validate step or service reload is visible here;
    # confirm the edited sshd_config is checked and reloaded elsewhere.
    backrefs: true