diff options
| author | Dmitry Ilvokhin <d@ilvokhin.com> | 2024-01-28 15:57:59 +0000 |
|---|---|---|
| committer | Dmitry Ilvokhin <d@ilvokhin.com> | 2024-01-28 15:57:59 +0000 |
| commit | ab0d9d56fb27f19b76fc7c3aba1f0d1936cd44bc (patch) | |
| tree | 7a905cadb972aa60d20672e6cabb8e5f762478ce /roles | |
| parent | 4de52db6f90ade9142c2f12988bba0b529137f95 (diff) | |
| download | infra-ab0d9d56fb27f19b76fc7c3aba1f0d1936cd44bc.tar.gz infra-ab0d9d56fb27f19b76fc7c3aba1f0d1936cd44bc.tar.bz2 infra-ab0d9d56fb27f19b76fc7c3aba1f0d1936cd44bc.zip | |
Disable ssh password authentication
Diffstat (limited to 'roles')
| -rw-r--r-- | roles/sshd/handlers/main.yml | 4 | ||||
| -rw-r--r-- | roles/sshd/tasks/main.yml | 10 |
2 files changed, 14 insertions, 0 deletions
diff --git a/roles/sshd/handlers/main.yml b/roles/sshd/handlers/main.yml new file mode 100644 index 0000000..439395a --- /dev/null +++ b/roles/sshd/handlers/main.yml @@ -0,0 +1,4 @@ +- name: Restart sshd + ansible.builtin.service: + name: sshd + state: restarted diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml new file mode 100644 index 0000000..1991564 --- /dev/null +++ b/roles/sshd/tasks/main.yml @@ -0,0 +1,10 @@ +- name: Disable SSH password authentication + ansible.builtin.lineinfile: + dest: /etc/ssh/sshd_config + state: present + regexp: '^#?PasswordAuthentication' + line: 'PasswordAuthentication no' + validate: "/usr/sbin/sshd -t -f %s" + owner: root + group: root + mode: u+r,g+r,o+r |