Add nhadmin key, disable pwd auth enable pubkey auth

2024-08-17 04:20:05 -05:00 · 2024-08-17 04:20:05 -05:00 · 71ee83f33f
commit 71ee83f33f
parent 256b71fb37
1 changed files with 11 additions and 1 deletions
--- a/linux/compliance.yaml
+++ b/linux/compliance.yaml
@ -22,6 +22,7 @@
      file:
        path: /home/ansible/.ssh
        state: directory
+        creates:
    - name: Add deployment user's SSH key.
      shell:
        cmd: echo "{{ ansiblesvc_key }}" > /home/ansible/.ssh/authorized_keys
@ -61,8 +62,13 @@
        groups: sudo
        append: yes

+    - name: Add nhadmin user's SSH key.
+      shell:
+        cmd: echo "{{ nhadmin_key }}" > /home/nhadmin/.ssh/authorized_keys
+        creates: /home/nhadmin/.ssh/authorized_keys
+
    # SSH config updating
-    - name: Update SSH configuration to disallow root login.
+    - name: Update SSH configuration to disallow root login and disable password authentication.
      lineinfile:
        dest: /etc/ssh/sshd_config
        regexp: "{{ item.regexp }}"
@ -72,6 +78,10 @@
      with_items:
        - regexp: "^PermitRootLogin"
          line: "PermitRootLogin no"
+        - regexp: "^PasswordAuthentication"
+          line: "PasswordAuthentication no"
+        - regexp: "^PubkeyAuthentication"
+          line: "PubkeyAuthentication yes"
    - name: Restart SSH service.
      service:
        name: ssh