---
# file: tasks/ssh.yml
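# Pin the SSH host keys of every entry in hosts_ssh_public_hosts in the
# system-wide known_hosts file (/etc/ssh/ssh_known_hosts).
# The pipe lookup runs ssh-keyscan through a shell on the Ansible controller,
# so each item is shell-quoted and placed after "--"; a crafted list entry can
# then be read neither as shell syntax nor as an ssh-keyscan option.
# NOTE(review): ssh-keyscan output is not authenticated. Whatever key answers
# at scan time becomes trusted machine-wide; compare fingerprints against an
# out-of-band source, or ship the expected keys as data instead of scanning.
# NOTE(review): ignore_errors hides failed scans, so a host can silently end
# up without a pinned key. Only RSA keys are collected (-t rsa).
- name: ssh - add hosts_ssh_public_hosts keys to known_hosts
  with_items: "{{ hosts_ssh_public_hosts|default([]) }}"
  known_hosts:
    path: /etc/ssh/ssh_known_hosts
    name: "{{ item }}"
    key: "{{ lookup('pipe', 'ssh-keyscan -t rsa -H -- ' + (item | quote)) }}"
  become: true
  ignore_errors: true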
# Build the list of line edits that the "stat" and "configure sshd" tasks in
# this file iterate over. Each entry names a target file (dest), the regular
# expression selecting the line to rewrite (regex) and its replacement (line).
- name: ssh - define sshd configuration
  set_fact:
    sshd_config:
      # dropbear: append the banner option to DROPBEAR_OPTS. The negative
      # lookahead stops the regex from matching once "-b /etc/issue.net" is
      # already present, so the option is not appended twice.
      - dest: '/etc/conf.d/dropbear'
        regex: '^DROPBEAR_OPTS="((?!.*-b /etc/issue.net).*)"$'
        line: 'DROPBEAR_OPTS="\1 -b /etc/issue.net"'
      # OpenSSH: show /etc/issue.net as the pre-authentication banner.
      - dest: '/etc/ssh/sshd_config'
        regex: '^#?Banner'
        line: 'Banner /etc/issue.net'
      # OpenSSH: root may still log in, but not with a password.
      # NOTE(review): use "PermitRootLogin no" if direct root logins are not
      # needed at all.
      - dest: '/etc/ssh/sshd_config'
        regex: '^#?PermitRootLogin'
        line: 'PermitRootLogin prohibit-password'
# Stat every target file listed in sshd_config and keep the per-item results
# in sshd_config_stat, in the same order as the list. The "configure sshd"
# task reads stat.exists from these results to skip files that are absent.
- name: ssh - stat sshd configuration file
  stat:
    path: "{{ item.dest }}"
  with_items: "{{ sshd_config|default([]) }}"
  register: sshd_config_stat
  # stat only reads metadata, so never report this task as a change.
  changed_when: false
# Apply each sshd_config entry with lineinfile. with_together pairs every
# entry (item.0) with its stat result (item.1) by position, and the "when"
# guard skips target files that do not exist on this host.
# NOTE(review): with backrefs enabled, lineinfile leaves the file untouched
# when the regexp matches nothing. A sshd_config with no Banner or
# PermitRootLogin line, commented or not, therefore keeps the daemon default,
# and this task still reports success.
# NOTE(review): no validation or service reload is visible in this file;
# confirm that a handler elsewhere reloads sshd/dropbear after a change.
- name: ssh - configure sshd
  lineinfile:
    path: "{{ item.0.dest }}"
    regexp: "{{ item.0.regex }}"
    line: "{{ item.0.line }}"
    backrefs: true
  with_together:
    - "{{ sshd_config|default([]) }}"
    - "{{ sshd_config_stat.results }}"
  when: item.1.stat.exists
  become: true