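# Render the root-login drop-in for sshd. Runs only when the caller supplies
# ssh_root_authorized_ips; the registered result gates the config test and
# reload tasks later in this file.
# NOTE(review): the contents of sshd_root_conf.j2 are not visible here. sshd
# uses the first value it reads for most keywords, so confirm that the main
# sshd_config includes sshd_config.d before any conflicting root-login setting.
- name: SSH | configure root login restrictions
  template:
    src: sshd_root_conf.j2
    dest: /etc/ssh/sshd_config.d/root.conf
    # Pin ownership explicitly, as the root authorized_keys task does, so the
    # file that restricts root login is never left writable by another account.
    owner: root
    group: root
    mode: '0644'
    # Syntax-check the rendered fragment before it replaces dest. This parses
    # the fragment on its own, not together with the main sshd_config.
    validate: /usr/sbin/sshd -t -f %s
  when: ssh_root_authorized_ips is defined
  register: sshd_conf_changes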
# Write root's authorized_keys from a template, only when
# ssh_root_authorized_keys is defined. The template module replaces the whole
# destination file, so any key not rendered by root_authorized_keys.j2 is
# dropped from it.
# NOTE(review): the parent directory must already exist; template does not
# create it.
- name: SSH | configure root authorized keys
  when: ssh_root_authorized_keys is defined
  template:
    # Falls back to the conventional path when no override is supplied.
    dest: "{{ ssh_root_authorized_keys_file | default('/root/.ssh/authorized_keys') }}"
    src: root_authorized_keys.j2
    # Owner-only read/write, owned by root.
    mode: '0600'
    owner: root
    group: root
# Check the installed sshd configuration after the root-login drop-in has
# changed. A non-zero exit fails this task and stops the play before the
# reload task runs. Unlike the template task's validate step, this runs sshd
# without -f, so it tests the default configuration file, not just the fragment.
- name: SSH | test SSH configuration
  when: sshd_conf_changes.changed
  command: /usr/sbin/sshd -t
  # sshd -t only tests the configuration, so never report a change.
  changed_when: false
  register: sshd_config_check
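# Reload sshd so the new root-login drop-in takes effect. Both conditions must
# hold: the drop-in changed, and the configuration test exited 0.
# NOTE(review): the service name "ssh" is the Debian/Ubuntu unit name; confirm
# it matches the target hosts.
- name: SSH | reload SSH service
  service:
    name: ssh
    state: reloaded
  when:
    - sshd_conf_changes.changed
    # Fail closed: if the test task registered no rc (it was skipped, for
    # example by a check-mode run on some Ansible versions), treat the
    # configuration as unverified and skip the reload instead of raising an
    # undefined-attribute error.
    - sshd_config_check.rc | default(1) == 0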