-
Notifications
You must be signed in to change notification settings - Fork 1
/
initialize.yaml
34 lines (33 loc) · 1.08 KB
/
initialize.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
---
- name: Initialize server ssh connection configuration
become: true
hosts: all
tasks:
- name: Check that authorized_keys exists
ansible.builtin.stat:
path: ~/.ssh/authorized_keys
register: authorized_keys
become_user: "{{ ansible_ssh_user }}"
- name: Fail if authorized_keys is missing or empty
ansible.builtin.fail:
msg: authorized_keys file is either missing or empty {{ authorized_keys.stat.size }}
when: authorized_keys.stat.size == 0
- name: Disable SSH password authentication
become: true
become_method: ansible.builtin.sudo
ansible.builtin.lineinfile:
dest: /etc/ssh/sshd_config
regexp: "{{ item.regex }}"
line: "{{ item.line }}"
state: present
loop:
- regex: ^PasswordAuthentication
line: PasswordAuthentication no
- regex: ^ChallengeResponseAuthentication
line: ChallengeResponseAuthentication no
notify: Restart sshd
handlers:
- name: Restart sshd
ansible.builtin.service:
name: sshd
state: restarted