X-Git-Url: https://git.phdru.name/?a=blobdiff_plain;f=playbooks%2Fdebian%2Froles%2Fsshd%2Ftasks%2Fmain.yml;fp=playbooks%2Fdebian%2Froles%2Fsshd%2Ftasks%2Fmain.yml;h=9f76108e4ec34d9646688ec2ccfc45fcdefa6b2d;hb=4d94f52fdb488f7b7b8328212824df69c66424d6;hp=0000000000000000000000000000000000000000;hpb=dfcf522518a86a343c181203ac4fc7431352f7f4;p=ansible.git
diff --git a/playbooks/debian/roles/sshd/tasks/main.yml b/playbooks/debian/roles/sshd/tasks/main.yml
new file mode 100644
index 0000000..9f76108
--- /dev/null
+++ b/playbooks/debian/roles/sshd/tasks/main.yml
@@ -0,0 +1,24 @@
+- name: Check sshd
+ shell: "grep -c '^PermitRootLogin' /etc/ssh/sshd_config || :"
+ register: sshd
+ changed_when: sshd.stdout == "0"
+
+- debug:
+ msg: "sshd has already been configured"
+ when: sshd.stdout != "0"
+
+- name: Configure sshd
+ become: true
+ lineinfile:
+ path: /etc/ssh/sshd_config
+ regexp: "^{{ item }}"
+ line: "{{ item }}"
+ loop: [
+ 'PermitRootLogin prohibit-password',
+ '# See http://www.openssh.com/txt/cbc.adv',
+ 'Ciphers aes128-ctr,aes256-ctr,aes128-cbc,aes256-cbc',
+ 'PermitTunnel point-to-point',
+
+ ]
+ notify: Reload sshd
+ when: sshd.stdout == "0"
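Review bot: The `Ciphers` item in the `loop` list of "Configure sshd" still enables `aes128-cbc` and `aes256-cbc`, although the comment item just above it cites the OpenSSH CBC advisory, which recommends CTR over CBC modes. Unless a legacy client is known to need them, drop the CBC entries: `'Ciphers aes128-ctr,aes256-ctr',`. The "Check sshd" guard also treats any line starting with `PermitRootLogin` as "already configured", so a host that already carries `PermitRootLogin yes` is skipped and keeps that value. Keying each item's `regexp` on the directive name rather than the full line would let `lineinfile` replace an existing value and make the grep guard unnecessary. Adding `validate: '/usr/sbin/sshd -t -f %s'` to `lineinfile` would stop a malformed edit from reaching the `Reload sshd` handler.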