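---
# Creates sshd's privilege-separation directory ahead of the config edits.
# NOTE(review): presumably required so that `sshd -t` (the `validate`
# command of the later tasks) works on hosts where sshd has not yet been
# started and /run/sshd is missing; confirm.
# sshd refuses to run when this directory is not owned by root or is
# group/world-writable, so ownership is pinned together with the mode
# instead of being left at whatever a pre-existing directory has.
- name: SSH | Ensure privilege separation directory exists
  ansible.builtin.file:
    path: /run/sshd
    state: directory
    owner: root
    group: root
    mode: '0755'
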
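# Sets PermitRootLogin to prohibit-password: root can still log in with a
# key, while password and keyboard-interactive logins for root are refused.
# Caveats for whoever relies on this:
#   - sshd keeps the first value it reads for a keyword, so an earlier active
#     line, or a file pulled in through `Include`, takes precedence.
#   - lineinfile rewrites only the last line that matches `regexp`.
#   Check the effective value on the host with `sshd -T`.
- name: SSH | Root-Login nur mit Schlüssel erlauben
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?PermitRootLogin'
    line: 'PermitRootLogin prohibit-password'
    # Only honoured when `regexp` matches nothing: put the new directive in
    # front of the first Match block so it stays a global setting. Appending
    # at EOF could place it inside a trailing Match block, where it would
    # apply only to the connections that block selects.
    insertbefore: '^\s*Match\s'
    firstmatch: true
    # The edited copy must pass sshd's own syntax check before it is installed.
    validate: 'sshd -t -f %s'
  notify: restart sshd
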
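# Turns off the `password` authentication method for all users.
# Caveats for whoever relies on this:
#   - PasswordAuthentication does not cover keyboard-interactive (PAM)
#     prompts; those are governed by KbdInteractiveAuthentication, which the
#     tasks shown here do not set.
#   - sshd keeps the first value it reads for a keyword, so an earlier active
#     line, or a file pulled in through `Include`, takes precedence.
#   - lineinfile rewrites only the last line that matches `regexp`.
#   Check the effective value on the host with `sshd -T`, and make sure key
#   access works before the handler restarts sshd.
- name: SSH | Passwort-Authentifizierung deaktivieren
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?PasswordAuthentication'
    line: 'PasswordAuthentication no'
    # Only honoured when `regexp` matches nothing: put the new directive in
    # front of the first Match block so it stays a global setting. Appending
    # at EOF could place it inside a trailing Match block, where it would
    # apply only to the connections that block selects.
    insertbefore: '^\s*Match\s'
    firstmatch: true
    # The edited copy must pass sshd's own syntax check before it is installed.
    validate: 'sshd -t -f %s'
  notify: restart sshd
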
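# Forbids logins to accounts whose password is empty. The setting only
# matters while password authentication is allowed, so next to
# `PasswordAuthentication no` it acts as a second line of defence should
# password authentication ever be re-enabled.
# sshd keeps the first value it reads for a keyword and lineinfile rewrites
# only the last line matching `regexp`; check the result with `sshd -T`.
- name: SSH | Leere Passwörter verbieten
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?PermitEmptyPasswords'
    line: 'PermitEmptyPasswords no'
    # Only honoured when `regexp` matches nothing: put the new directive in
    # front of the first Match block so it stays a global setting. Appending
    # at EOF could place it inside a trailing Match block, where it would
    # apply only to the connections that block selects.
    insertbefore: '^\s*Match\s'
    firstmatch: true
    # The edited copy must pass sshd's own syntax check before it is installed.
    validate: 'sshd -t -f %s'
  notify: restart sshd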