M roles/system/tasks/ssh.yml => roles/system/tasks/ssh.yml +10 -1
@@ 2,12 2,21 @@
- name: Disable SSH password auth
ansible.builtin.lineinfile:
path: /etc/ssh/sshd_config
- regexp: ^#PasswordAuthentication yes
+ regexp: ^#?PasswordAuthentication yes
line: PasswordAuthentication no
validate: sshd -T -f %s
mode: "0644"
notify: Restart sshd
+- name:
+ ansible.builtin.lineinfile:
+ path: /etc/ssh/sshd_config
+ regexp: ^#?PermitRootLogin (yes|no)
+ line: PermitRootLogin prohibit-password
+ validate: sshd -T -f %s
+ mode: "0644"
+ notify: Restart sshd
+
- name: Enable ssh on boot
ansible.builtin.service:
name: sshd
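Review bot: The added task's `regexp: ^#?PermitRootLogin (yes|no)` matches only two values, so a config carrying `PermitRootLogin without-password`, `forced-commands-only` or the commented `#PermitRootLogin prohibit-password` is left untouched and lineinfile appends the new line at the end of the file. sshd honours the first value it reads for a keyword and scopes anything after a `Match` line to that block, so an appended line can be shadowed or apply only conditionally while `sshd -T -f %s` still passes. Matching on the keyword alone, `regexp: '^#?\s*PermitRootLogin\s'`, replaces whatever value is present in place; the `PasswordAuthentication yes` pattern in the first task has the same gap for a commented `#PasswordAuthentication no`. The new task also has an empty `name:`; something like `- name: Restrict root SSH login to keys only` would keep the play output readable. The final task (Enable ssh on boot) continues past the end of the hunk.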