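---
# Harden the OpenSSH server configuration on every host and restart sshd.
#
# Variables (defaults below; override via inventory or `-e`). Each flag is
# evaluated with `| bool`, so both YAML booleans and the strings "True"/"False"
# that arrive from `-e key=value` work. The original `when: x == 'True'`
# comparisons silently skipped every conditional task for the YAML-boolean
# defaults, because a boolean never equals the string 'True'.
#   allow_root       true  -> PermitRootLogin without-password (key-only root)
#                    false -> PermitRootLogin no
#   allow_password   true  -> PasswordAuthentication yes
#                    false -> PasswordAuthentication no, public-key auth forced on
#   ssh_change_port  true  -> sshd listens on ssh_port instead of its current port
#   ssh_port         port used when ssh_change_port is true
#
# Operational cautions:
#   - Must run as root (edits /etc/ssh/sshd_config, restarts the service).
#   - Open ssh_port in host/network firewalls BEFORE applying, or you lock
#     yourself out; the play does not touch firewall rules.
#   - The default allow_root=true keeps key-based root login enabled; set it to
#     false on hosts where root should never log in directly.
- name: 16_PRO_SSHConfig.yml
  hosts: all
  gather_facts: true
  vars:
    allow_root: true
    allow_password: false
    ssh_port: 34522
    ssh_change_port: true

  tasks:
    # sshd takes the FIRST value it reads for a keyword, and a line appended at
    # end-of-file lands inside any trailing "Match" block (where e.g. "Port" is
    # not permitted and sshd refuses to start). Each directive is therefore
    # replaced in place when an uncommented top-level line exists, and inserted
    # at the top of the file (insertbefore: BOF) otherwise. Indented lines
    # inside Match blocks are deliberately left alone by the "^Keyword " anchors.
    - name: Remove all GSSAPI directives
      lineinfile:
        dest: /etc/ssh/sshd_config
        regexp: '.*GSS.*'
        state: absent
      notify: restart sshd

    - name: Disable reverse DNS lookups during authentication
      lineinfile:
        dest: /etc/ssh/sshd_config
        regexp: '^UseDNS '
        line: 'UseDNS no'
        insertbefore: BOF
      notify: restart sshd

    - name: Allow root login with a public key only
      lineinfile:
        dest: /etc/ssh/sshd_config
        regexp: '^PermitRootLogin '
        # "without-password" is the long-standing alias of "prohibit-password"
        # and is accepted by both old and current OpenSSH releases.
        line: 'PermitRootLogin without-password'
        insertbefore: BOF
      when: allow_root | bool
      notify: restart sshd

    - name: Forbid root login
      lineinfile:
        dest: /etc/ssh/sshd_config
        regexp: '^PermitRootLogin '
        line: 'PermitRootLogin no'
        insertbefore: BOF
      when: not (allow_root | bool)
      notify: restart sshd

    - name: Enable password authentication
      lineinfile:
        dest: /etc/ssh/sshd_config
        # Trailing space keeps this from also matching e.g. a future
        # "PasswordAuthenticationFoo" keyword; matches the regex used below.
        regexp: '^PasswordAuthentication '
        line: 'PasswordAuthentication yes'
        insertbefore: BOF
      when: allow_password | bool
      notify: restart sshd

    - name: Disable password authentication
      lineinfile:
        dest: /etc/ssh/sshd_config
        regexp: '^PasswordAuthentication '
        line: 'PasswordAuthentication no'
        insertbefore: BOF
      when: not (allow_password | bool)
      notify: restart sshd

    - name: Enable RSA (SSH protocol 1) authentication
      # Protocol-1-only directive. OpenSSH 7.4 and later only log a deprecation
      # warning for it; kept for hosts still running older sshd builds.
      lineinfile:
        dest: /etc/ssh/sshd_config
        regexp: '^RSAAuthentication '
        line: 'RSAAuthentication yes'
        insertbefore: BOF
      when: not (allow_password | bool)
      notify: restart sshd

    - name: Enable public key authentication
      lineinfile:
        dest: /etc/ssh/sshd_config
        regexp: '^PubkeyAuthentication '
        line: 'PubkeyAuthentication yes'
        insertbefore: BOF
      when: not (allow_password | bool)
      notify: restart sshd

    - name: Set the authorized_keys location
      lineinfile:
        dest: /etc/ssh/sshd_config
        regexp: '^AuthorizedKeysFile '
        line: 'AuthorizedKeysFile .ssh/authorized_keys'
        insertbefore: BOF
      when: not (allow_password | bool)
      notify: restart sshd

    - name: Change the listening port
      lineinfile:
        dest: /etc/ssh/sshd_config
        # Anchored: the original ".*Port.*" also matched "GatewayPorts" and
        # similar lines, and lineinfile rewrites the LAST match, which could
        # leave the real "Port" line untouched.
        regexp: '^Port '
        line: "Port {{ ssh_port }}"
        insertbefore: BOF
      when: ssh_change_port | bool
      notify: restart sshd

    # Fail the play before the restart if the edited file does not parse, so a
    # broken sshd_config never takes the running daemon down with it.
    - name: Validate the resulting sshd configuration
      command: sshd -t
      changed_when: false

  handlers:
    # Restart only when a task above actually changed the file.
    - name: restart sshd
      service:
        name: sshd
        state: restarted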