28 lines
639 B
YAML
28 lines
639 B
YAML
---
|
|
- name: Disable root login over SSH
|
|
lineinfile:
|
|
path: /etc/ssh/sshd_config
|
|
regexp: '^PermitRootLogin'
|
|
line: 'PermitRootLogin no'
|
|
notify: Restart SSH
|
|
|
|
- name: Disable password authentication
|
|
lineinfile:
|
|
path: /etc/ssh/sshd_config
|
|
regexp: '^PasswordAuthentication'
|
|
line: 'PasswordAuthentication no'
|
|
notify: Restart SSH
|
|
|
|
- name: Ensure non-root admin user exists
|
|
user:
|
|
name: cmmcadmin
|
|
shell: /bin/bash
|
|
groups: sudo
|
|
create_home: yes
|
|
state: present
|
|
|
|
- name: Add authorized SSH key for cmmcadmin
|
|
authorized_key:
|
|
user: cmmcadmin
|
|
key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
|