---
# Render sshd_config.j2 and install it as the live sshd configuration.
# `validate` runs `sshd -t` against the staged copy (%s), so a rendering
# that fails sshd's own syntax check never replaces the working file.
# The file ends up owned by root with mode 0600; no `group` is set here.
- name: Update SSH configuration for better security
  template:
    dest: "/etc/ssh/sshd_config"
    src: "../templates/sshd_config.j2"
    validate: "/usr/sbin/sshd -t -f %s"
    mode: "0600"
    owner: root
  become: true
  # The handler is not defined in this file; it must exist under
  # exactly this name.
  notify: Restart sshd daemon
# List every file under /etc/ssh whose name matches ssh_host_*_key*
# (private keys and their .pub counterparts) and register the result
# for the deletion task that follows.
# NOTE(review): no `become` on this task; presumably /etc/ssh is
# listable by the connecting user or escalation is set at play level.
- name: Find all existing SSH host keys
  when: regenerate_ssh_host_keys | bool
  find:
    patterns: 'ssh_host_*_key*'
    paths: "/etc/ssh"
  register: existing_ssh_host_keys
# Remove each host key file found by the preceding `find` task.
# This is destructive: once it runs, sshd has no host keys until the
# generation task succeeds, so a failure between the two tasks leaves
# the host unable to restart sshd. Gated on the same flag as the find.
- name: Delete previous existing SSH host keys
  when: regenerate_ssh_host_keys | bool
  become: true
  loop: "{{ existing_ssh_host_keys.files }}"
  file:
    state: absent
    path: "{{ item.path }}"
# Recreate the host keys with `ssh-keygen -A`, which generates any
# default host key type that is currently missing.
# `changed_when: true` reports a change on every run where the flag is
# set, and the delete task above removes the old keys first, so each
# such run rotates the host's identity. Clients that pinned the old keys
# will see a host-key mismatch: keep the flag off for routine runs and
# publish the new fingerprints through a trusted channel.
# NOTE(review): which key types sshd actually offers depends on the
# HostKey lines in the rendered sshd_config (not visible here).
- name: Generate new SSH host keys
  when: regenerate_ssh_host_keys | bool
  become: true
  command: ssh-keygen -A
  changed_when: true
  notify: Restart sshd daemon