2020-12-11 07:39:15 +00:00
|
|
|
---
|
2020-12-12 00:31:23 +00:00
|
|
|
- name: Ensure SSH server is installed
|
2020-12-11 07:39:15 +00:00
|
|
|
package:
|
|
|
|
|
name: openssh-server
|
|
|
|
|
state: present
|
|
|
|
|
|
2020-12-12 00:31:23 +00:00
|
|
|
- name: Ensure SSH daemon is enabled
|
|
|
|
|
service:
|
|
|
|
|
name: sshd
|
|
|
|
|
enabled: true
|
|
|
|
|
|
2020-12-11 08:13:16 +00:00
|
|
|
# TODO: Prepare for /etc/ssh/sshd_config.d/* style of configuration
|
2020-12-12 00:31:23 +00:00
|
|
|
- name: SSH daemon configuration - global
|
2020-12-11 07:39:15 +00:00
|
|
|
block:
|
2020-12-12 00:31:23 +00:00
|
|
|
- name: SSH daemon configuration - base
|
2020-12-11 07:39:15 +00:00
|
|
|
template:
|
|
|
|
|
src: "etc/ssh/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}-sshd_config.j2"
|
2020-12-12 00:31:23 +00:00
|
|
|
dest: "/etc/ssh/sshd_config"
|
2020-12-11 07:39:15 +00:00
|
|
|
owner: root
|
|
|
|
|
group: root
|
|
|
|
|
mode: '0600'
|
|
|
|
|
validate: /usr/sbin/sshd -t -f %s
|
|
|
|
|
backup: true
|
2020-12-12 00:31:23 +00:00
|
|
|
notify: restart_sshd
|
2020-12-11 07:39:15 +00:00
|
|
|
rescue:
|
|
|
|
|
- name: Print errors for configuration and validation
|
|
|
|
|
debug:
|
2020-12-12 00:31:23 +00:00
|
|
|
msg: "Error in SSH daemon configuration or template"
|
2020-12-11 07:39:15 +00:00
|
|
|
|
2020-12-12 00:31:23 +00:00
|
|
|
- name: SSH banner
|
2020-12-11 07:39:15 +00:00
|
|
|
copy:
|
|
|
|
|
src: "etc/rockybanner"
|
|
|
|
|
dest: "/etc/rockybanner"
|
|
|
|
|
owner: root
|
|
|
|
|
group: root
|
|
|
|
|
mode: '0644'
|
2020-12-12 00:31:23 +00:00
|
|
|
notify: restart_sshd
|
2020-12-11 07:39:15 +00:00
|
|
|
|
2020-12-12 00:31:23 +00:00
|
|
|
- name: Remove DSA keys
|
2020-12-11 07:39:15 +00:00
|
|
|
file:
|
|
|
|
|
path: "{{ item }}"
|
|
|
|
|
state: absent
|
|
|
|
|
with_items:
|
|
|
|
|
- /etc/ssh/ssh_host_dsa_key.pub
|
|
|
|
|
- /etc/ssh/ssh_host_dsa_key
|
