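---
# Installs OpenSSH and replaces /etc/ssh/sshd_config with a minimal policy:
# root login and password authentication off, user certificates signed by the
# CA key in id_ecdsa_sk.pub accepted, only user "m" allowed in.
# NOTE(review): despite the task name, no second-factor directive is set in
# the rendered config; password authentication is simply disabled.
# The notified handlers ("sshd is started", "restart sshd") are not defined in
# the visible part of this file and must exist in the including play or role.
- name: setup ssh with signed keys only or password with 2nd factor
  become: true
  become_method: sudo
  block:
    # The package name differs between distributions: try "openssh" first and
    # fall back to "openssh-server" when that install is reported as failed.
    - name: install packages
      package:
        name: openssh
        state: present
      ignore_errors: true
      notify:
        - sshd is started
      register: SSH

    - name: install openssh-server
      package:
        name: openssh-server
        state: present
      when: SSH.failed
      notify:
        - sshd is started

    # Start from a clean file; the placeholder written next is overwritten by
    # the final "create new sshd_config" task.
    - name: delete sshd_config file
      file:
        state: absent
        path: /etc/ssh/sshd_config

    - name: create empty sshd_config
      lineinfile:
        path: /etc/ssh/sshd_config
        line: '# mini ssh config'
        create: true

    # CA public key that sshd will trust for user certificates (referenced by
    # TrustedUserCAKeys below, so it must land before the config is written).
    - name: copy trusted user ca key to server
      copy:
        src: id_ecdsa_sk.pub
        dest: "/etc/ssh/id_ecdsa_sk.pub"
        # Quoted so the mode is passed as written; an unquoted 0600 relies on
        # YAML 1.1 octal parsing of the leading zero.
        mode: "0600"

    # "validate" runs sshd's own syntax check on the temporary file before it
    # is moved into place, so a broken config never reaches the daemon and
    # locks the host out on the next restart.
    - name: create new sshd_config
      copy:
        dest: /etc/ssh/sshd_config
        content: |
          PermitRootLogin no
          PasswordAuthentication no
          TrustedUserCAKeys /etc/ssh/id_ecdsa_sk.pub
          PubkeyAuthentication yes
          AcceptEnv LANG LC_*
          Subsystem sftp /usr/lib/openssh/sftp-server
          AllowUsers m
        validate: 'sshd -t -f %s'
      notify:
        - restart sshd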