This commit is contained in:
decentral1se
36
tasks/main.yml
Normal file
36
tasks/main.yml
Normal file
@ -0,0 +1,36 @@
|
||||
---
|
||||
- name: Disable root SSH login
|
||||
lineinfile:
|
||||
line: PermitRootLogin no
|
||||
dest: /etc/ssh/sshd_config
|
||||
regexp: "^#?PermitRootLogin"
|
||||
when: not sshd_permit_root_login
|
||||
notify: Restart SSH
|
||||
|
||||
- name: Do not allow SSH access using passwords
|
||||
lineinfile:
|
||||
line: PasswordAuthentication no
|
||||
dest: /etc/ssh/sshd_config
|
||||
regexp: "^#?PasswordAuthentication"
|
||||
notify: Restart SSH
|
||||
|
||||
- name: Include the resource variables
|
||||
include_vars: "{{ role_path }}/../../resources/{{ lookup('env', 'MEMBERS_FILE') | default('members.yml', True) }}"
|
||||
|
||||
- name: Register the list of autonomic members
|
||||
set_fact:
|
||||
members_list: "{{ autonomic_members | map(attribute='username') | list | join(' ') }}"
|
||||
|
||||
- name: "Only allow logins from {{ members_list }}"
|
||||
lineinfile:
|
||||
line: "AllowUsers {{ members_list }}"
|
||||
dest: /etc/ssh/sshd_config
|
||||
regexp: "^#?AllowUsers"
|
||||
notify: Restart SSH
|
||||
|
||||
- name: "Set SSH port to {{ sshd_port }}"
|
||||
lineinfile:
|
||||
line: "Port {{ sshd_port }}"
|
||||
dest: /etc/ssh/sshd_config
|
||||
regexp: "^#?Port"
|
||||
notify: Restart SSH
|
||||
Reference in New Issue
Block a user