2019-05-07 08:18:30 +00:00
|
|
|
---
|
2019-05-07 08:19:57 +00:00
|
|
|
- name: Gather OS specific variables
|
|
|
|
include_vars: "{{ item }}"
|
|
|
|
with_first_found:
|
|
|
|
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_version }}.yml"
|
|
|
|
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version }}.yml"
|
|
|
|
- "{{ ansible_distribution|lower }}.yml"
|
|
|
|
- "{{ ansible_lsb.id|default('NotAvailable')|lower }}.yml"
|
|
|
|
- "{{ (ansible_os_family|lower).split(' ')[0] }}.yml"
|
|
|
|
- "default.yml"
|
|
|
|
|
|
|
|
|
2019-05-07 08:18:30 +00:00
|
|
|
- name: "Set «PermitRootLogin» to «without-password»"
|
|
|
|
lineinfile:
|
2022-06-28 14:45:20 +00:00
|
|
|
dest: '{{ sshd_config_path | default("/etc/ssh/sshd_config") }}'
|
2019-05-07 08:18:30 +00:00
|
|
|
regexp: '^#? *PermitRootLogin'
|
|
|
|
line: "PermitRootLogin without-password"
|
|
|
|
backup: yes
|
|
|
|
register: sshconfigchanged
|
|
|
|
|
|
|
|
|
|
|
|
- name: Restart sshd
|
|
|
|
service:
|
|
|
|
name: "{{ ssh_service_name }}"
|
|
|
|
state: restarted
|
|
|
|
when: sshconfigchanged is changed
|
|
|
|
|
|
|
|
|