+++ /dev/null
-- name: Check sshd
- shell: "grep -c '^PermitRootLogin' /etc/ssh/sshd_config || :"
- register: sshd
- changed_when: sshd.stdout == "0"
-
-- debug:
- msg: "sshd has already been configured"
- when: sshd.stdout != "0"
-
-- name: Configure sshd
- become: true
- lineinfile:
- path: /etc/ssh/sshd_config
- regexp: "^{{ item }}"
- line: "{{ item }}"
- loop: [
- 'PermitRootLogin prohibit-password',
- '# See http://www.openssh.com/txt/cbc.adv',
- 'Ciphers aes128-ctr,aes256-ctr,aes128-cbc,aes256-cbc',
- 'PermitTunnel point-to-point',
-
- ]
- notify: Reload sshd
- when: sshd.stdout == "0"