2 shell: "grep -c '^PermitRootLogin' /etc/ssh/sshd_config || :"
4 changed_when: sshd.stdout == "0"
7 msg: "sshd has already been configured"
8 when: sshd.stdout != "0"
10 - name: Configure sshd
13 path: /etc/ssh/sshd_config
17 'PermitRootLogin prohibit-password',
18 '# See http://www.openssh.com/txt/cbc.adv',
19 'Ciphers aes128-ctr,aes256-ctr,aes128-cbc,aes256-cbc',
20 'PermitTunnel point-to-point',
24 when: sshd.stdout == "0"