  1. ---
  2. - name: setup ssh with signed keys only or password with 2nd factor
  3. become: yes
  4. become_method: sudo
  5. block:
  # First install attempt, using the package name "openssh". The outcome is
  # registered so the fallback task below can react to a failure.
  # NOTE(review): ignore_errors masks *any* failure here (not just an
  # unknown package name), so a transient repo/network error also sends
  # the play down the fallback path. The handler only fires on a change.
  - name: install packages
    register: SSH
    ignore_errors: true
    package:
      state: present
      name: openssh
    notify:
      - sshd is started
  # Fallback for systems where the daemon is packaged as "openssh-server".
  # Runs only when the previous task reported failure (SSH.failed is set
  # because that task used ignore_errors). If this attempt fails too, the
  # play stops here, before any sshd_config is touched.
  - name: install openssh-server
    when: SSH.failed
    package:
      state: present
      name: openssh-server
    notify:
      - sshd is started
  # Drop the distribution's sshd_config before writing the minimal one.
  # NOTE(review): this opens a window in which /etc/ssh/sshd_config does
  # not exist. Should the play abort before "create new sshd_config" runs
  # (e.g. the CA key copy fails because the file is missing on the
  # controller), the running sshd keeps its in-memory config, but sshd
  # refuses to start without a config file, so the host is locked out on
  # the next restart or reboot. The final copy task overwrites the file
  # anyway, so this deletion is not required for the end result.
  - name: delete sshd_config file
    file:
      path: /etc/ssh/sshd_config
      state: absent
  # Re-create the file with a single comment line so it exists again; the
  # real content is written by "create new sshd_config" further down.
  # NOTE(review): while only this placeholder is in place, sshd would start
  # with compiled-in defaults (no AllowUsers, password authentication
  # enabled), so a restart in this window is weaker than either the old or
  # the new config. The file's permissions come from the umask here and
  # are later preserved by the copy task, so they are not pinned anywhere.
  - name: create empty sshd_config
    lineinfile:
      create: true
      path: /etc/ssh/sshd_config
      line: '# mini ssh config'
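  # Install the public half of the user CA that sshd will trust through
  # TrustedUserCAKeys. Only the public key belongs on the server; the CA's
  # private (signing) key must stay on the signing host.
  # - mode is quoted: Ansible documents that unquoted octal modes are
  #   parsed by YAML as integers and can be mis-applied in some contexts,
  #   so it should reach the module as the string "0600".
  # - owner/group are pinned to root so the trust anchor cannot be swapped
  #   by an unprivileged account; sshd runs as root, so 0600 is enough.
  - name: copy trusted user ca key to server
    copy:
      src: id_ecdsa_sk.pub
      dest: /etc/ssh/id_ecdsa_sk.pub
      owner: root
      group: root
      mode: "0600"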
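  # Write the minimal hardened sshd_config. What this file enforces:
  #   - no root login, no password authentication;
  #   - certificates signed by the CA installed above are accepted; with
  #     PubkeyAuthentication on and no AuthorizedKeysFile override, plain
  #     keys in the default authorized_keys location presumably still work;
  #   - only the user "m" may log in at all.
  # validate: sshd is asked to test-parse the candidate file before it is
  # moved into place; a typo can then not install a config that the
  # "restart sshd" handler would fail on, which would lock the operator
  # out. The path matches the Debian-style sftp-server path used below;
  # adjust both if the target layout differs. `sshd -t` also expects the
  # host keys to exist, which they normally do after package install.
  # backup: keeps a timestamped copy of the previous config for rollback.
  # owner/group/mode pin the file's ownership and 0644 permissions instead
  # of inheriting whatever the placeholder task happened to create.
  # NOTE(review): UsePAM, KbdInteractiveAuthentication and an Include of
  # /etc/ssh/sshd_config.d/*.conf are not set, so they fall back to sshd's
  # built-in defaults rather than the distro's shipped file. The play name
  # mentions "password with 2nd factor", but nothing in this content
  # enables such a path — confirm that is intended.
  - name: create new sshd_config
    copy:
      dest: /etc/ssh/sshd_config
      owner: root
      group: root
      mode: "0644"
      backup: true
      validate: '/usr/sbin/sshd -t -f %s'
      content: |
        PermitRootLogin no
        PasswordAuthentication no
        TrustedUserCAKeys /etc/ssh/id_ecdsa_sk.pub
        PubkeyAuthentication yes
        AcceptEnv LANG LC_*
        Subsystem sftp /usr/lib/openssh/sftp-server
        AllowUsers m
    notify:
      - restart sshd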