Commit ba309011 authored by Tobias Stein's avatar Tobias Stein
Browse files

Disable sshd PasswordAuth

* Add handler reload ssh
* Add task to disable ssh PasswordAuthentication
parent 9449d1a0
......@@ -7,6 +7,12 @@
name: cron
state: restarted
- name: reload ssh
become: true
service:
name: ssh
state: reloaded
- name: trigger udev
become: true
command: udevadm trigger
......
......@@ -31,4 +31,19 @@
- dhparam
- dhparam_create
- name: "Security - disable ssh password auth"
become: true
ansible.builtin.lineinfile:
path: "/etc/ssh/sshd_config"
regexp: '#PasswordAuthentication (yes|no)$'
line: "PasswordAuthentication no"
when:
- ssh is defined
- ssh.PasswordAuthentication is defined
- ssh.PasswordAuthentication |bool == false
tags:
- ssh_password_auth
notify:
- reload ssh
# vim: et:noai:ts=2:sw=2
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment