3 shell: "grep -c '^PermitRootLogin prohibit-password' /etc/ssh/sshd_config || :"
5 changed_when: sshd.stdout == "0"
8 msg: "sshd has already been configured"
9 when: sshd.stdout != "0"
11 - name: "Setup sshd: disable root login"
14 path: /etc/ssh/sshd_config
15 regexp: "^PermitRootLogin yes"
17 when: sshd.stdout == "0"
19 - name: Configure sshd
22 path: /etc/ssh/sshd_config
26 'PermitRootLogin prohibit-password',
27 '# See http://www.openssh.com/txt/cbc.adv',
28 'Ciphers aes128-ctr,aes256-ctr,aes128-cbc,aes256-cbc',
29 'PermitTunnel point-to-point',
33 when: sshd.stdout == "0"