49 lines
889 B
YAML
49 lines
889 B
YAML
---
|
|
|
|
- name: SSH
|
|
become: yes
|
|
package:
|
|
name:
|
|
- bash
|
|
- sudo
|
|
|
|
- name: SSH Config
|
|
become: yes
|
|
copy:
|
|
src: ssh_config
|
|
dest: /etc/ssh/ssh_config
|
|
|
|
- name: SSHD Config
|
|
become: yes
|
|
copy:
|
|
src: sshd_config
|
|
dest: /etc/ssh/sshd_config
|
|
|
|
- name: Mark SSH keys as immutable
|
|
become: yes
|
|
file:
|
|
path: "{{ item }}"
|
|
attributes: i
|
|
loop:
|
|
- /etc/ssh/ssh_host_ed25519_key
|
|
- /etc/ssh/ssh_host_ed25519_key.pub
|
|
- /etc/ssh/ssh_host_rsa_key
|
|
- /etc/ssh/ssh_host_rsa_key.pub
|
|
|
|
- name: Add SSH control groups
|
|
become: yes
|
|
group:
|
|
name: "{{ item }}"
|
|
state: present
|
|
loop:
|
|
- ssh-allow
|
|
- ssh-forward
|
|
- sftp-home-jail
|
|
|
|
- name: Add SSH user to ssh-allow
|
|
become: yes
|
|
user:
|
|
name: "{{ ansible_user_id }}"
|
|
groups: ssh-allow
|
|
append: yes
|