initial commit
This commit is contained in:
hiperman
32
roles/system-setup/tasks/ssh.yaml
Executable file
32
roles/system-setup/tasks/ssh.yaml
Executable file
@@ -0,0 +1,32 @@
|
||||
---
|
||||
- name: Update SSH configuration for better security
|
||||
become: true
|
||||
template:
|
||||
src: '../templates/sshd_config.j2'
|
||||
dest: '/etc/ssh/sshd_config'
|
||||
owner: root
|
||||
mode: '0600'
|
||||
validate: '/usr/sbin/sshd -t -f %s'
|
||||
notify: Restart sshd daemon
|
||||
|
||||
- name: Find all existing SSH host keys
|
||||
find:
|
||||
paths: '/etc/ssh'
|
||||
patterns: "ssh_host_*_key*"
|
||||
register: existing_ssh_host_keys
|
||||
when: regenerate_ssh_host_keys | bool
|
||||
|
||||
- name: Delete previous existing SSH host keys
|
||||
become: true
|
||||
file:
|
||||
path: "{{ item.path }}"
|
||||
state: absent
|
||||
loop: "{{ existing_ssh_host_keys.files }}"
|
||||
when: regenerate_ssh_host_keys | bool
|
||||
|
||||
- name: Generate new SSH host keys
|
||||
become: true
|
||||
command: ssh-keygen -A
|
||||
changed_when: true
|
||||
when: regenerate_ssh_host_keys | bool
|
||||
notify: Restart sshd daemon
|
||||
Reference in New Issue
Block a user