51 lines
1.2 KiB
YAML
51 lines
1.2 KiB
YAML
- name: Deploy SSH Key (administrator)
|
|
ansible.builtin.copy:
|
|
dest: /home/administrator/.ssh/authorized_keys
|
|
src: files/authorized_keys_administrator
|
|
mode: "0600"
|
|
force: true
|
|
|
|
- name: Ensure ssh folder exists for user
|
|
ansible.builtin.file:
|
|
path: /home/user/.ssh
|
|
mode: "0600"
|
|
state: directory
|
|
|
|
- name: Deploy SSH Key (user)
|
|
ansible.builtin.copy:
|
|
dest: /home/user/.ssh/authorized_keys
|
|
src: files/authorized_keys_user
|
|
mode: "0600"
|
|
force: true
|
|
|
|
- name: Remove Root SSH Configuration
|
|
ansible.builtin.file:
|
|
path: /root/.ssh
|
|
state: absent
|
|
|
|
- name: Copy Secured SSHD Configuration
|
|
ansible.builtin.copy:
|
|
src: files/sshd_config_secured
|
|
dest: /etc/ssh/sshd_config
|
|
owner: root
|
|
group: root
|
|
mode: "0644"
|
|
when: ansible_os_family == "Debian"
|
|
|
|
- name: Copy Secured SSHD Configuration
|
|
ansible.builtin.copy:
|
|
src: files/sshd_config_secured_redhat
|
|
dest: /etc/ssh/sshd_config
|
|
owner: root
|
|
group: root
|
|
mode: "0644"
|
|
when: ansible_os_family == "RedHat"
|
|
|
|
- name: Restart SSHD
|
|
ansible.builtin.systemd:
|
|
name: sshd
|
|
daemon_reload: true
|
|
state: restarted
|
|
enabled: true
|
|
ignore_errors: "{{ ansible_check_mode }}"
|