--- - name: Ensure SSH is installed - it should be package: name: openssh-server state: present # TODO: Prepare for /etc/ssh/sshd_config.d/* style of configuration - name: ssh configuration - global block: - name: ssh configuration - base template: src: "etc/ssh/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}-sshd_config.j2" dest: /etc/ssh/sshd_config owner: root group: root mode: '0600' validate: /usr/sbin/sshd -t -f %s backup: true notify: restart_ssh rescue: - name: Print errors for configuration and validation debug: msg: "Error in configuration or template" - name: ssh banner copy: src: "etc/rockybanner" dest: "/etc/rockybanner" owner: root group: root mode: '0644' notify: restart_ssh - name: Remove dsa keys file: path: "{{ item }}" state: absent with_items: - /etc/ssh/ssh_host_dsa_key.pub - /etc/ssh/ssh_host_dsa_key