Add nhadmin key, disable pwd auth enable pubkey auth

iRaven 2024-08-17 04:20:05 -05:00
parent 256b71fb37
commit 71ee83f33f


@ -22,6 +22,7 @@
file: file:
path: /home/ansible/.ssh path: /home/ansible/.ssh
state: directory state: directory
creates:
- name: Add deployment user's SSH key. - name: Add deployment user's SSH key.
shell: shell:
cmd: echo "{{ ansiblesvc_key }}" > /home/ansible/.ssh/authorized_keys cmd: echo "{{ ansiblesvc_key }}" > /home/ansible/.ssh/authorized_keys
@ -61,8 +62,13 @@
groups: sudo groups: sudo
append: yes append: yes
- name: Add nhadmin user's SSH key.
shell:
cmd: echo "{{ nhadmin_key }}" > /home/nhadmin/.ssh/authorized_keys
creates: /home/nhadmin/.ssh/authorized_keys
# SSH config updating # SSH config updating
- name: Update SSH configuration to disallow root login. - name: Update SSH configuration to disallow root login and disable password authentication.
lineinfile: lineinfile:
dest: /etc/ssh/sshd_config dest: /etc/ssh/sshd_config
regexp: "{{ item.regexp }}" regexp: "{{ item.regexp }}"
@ -72,6 +78,10 @@
with_items: with_items:
- regexp: "^PermitRootLogin" - regexp: "^PermitRootLogin"
line: "PermitRootLogin no" line: "PermitRootLogin no"
- regexp: "^PasswordAuthentication"
line: "PasswordAuthentication no"
- regexp: "^PubkeyAuthentication"
line: "PubkeyAuthentication yes"
- name: Restart SSH service. - name: Restart SSH service.
service: service:
name: ssh name: ssh
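Review bot: The new `Add nhadmin user's SSH key.` task writes the key with a shell `echo "{{ nhadmin_key }}" > …` guarded by `creates:`, so once the file exists a rotated or revoked `nhadmin_key` never reaches the host, and the variable's content is interpreted by the shell inside double quotes. Because the last hunk sets `PasswordAuthentication no` and the SSH service is then restarted, this file becomes nhadmin's only way in, yet nothing visible in these hunks creates `/home/nhadmin/.ssh` or sets the file's owner and mode (that may happen outside the hunks). I would replace the shell task with the `authorized_key` module from the ansible.posix collection, assuming that collection is available on the controller; it manages the directory, ownership and permissions and is idempotent without `creates:`. Separately, the `creates:` line added in the first hunk has no value and its indentation is lost on this page, so confirm it is not a stray key on the `file:` task.

```yaml
- name: Add nhadmin user's SSH key.
  ansible.posix.authorized_key:
    user: nhadmin
    key: "{{ nhadmin_key }}"
    state: present
```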