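---
# Role and config created after: https://infosec.mozilla.org/guidelines/openssh
#
# Deploys the templated sshd_config, drops short Diffie-Hellman group-exchange
# moduli from /etc/ssh/moduli, and reboots the host when sshd_config changed.
- name: deploy SSH server config
  become: true
  block:
    - name: deploy `sshd_config`
      ansible.builtin.template:
        force: true
        dest: /etc/ssh/sshd_config
        # Quoted so the mode is passed as the string "0644" and never
        # re-interpreted as a number by the YAML parser.
        mode: "0644"
        owner: root
        group: root
        src: sshd_config.j2
        # Syntax-check the rendered file before it replaces the live config.
        # A config sshd cannot parse, followed by the reboot below, would
        # leave the host unreachable over SSH.
        # NOTE(review): path assumes the Debian location of sshd - confirm.
        validate: /usr/sbin/sshd -t -f %s
      register: deploy_ssh_server_config__ssh_config_copy_result
      when: inventory_hostname in groups['Debian_CloudInit_VMs']

    # Keeps only moduli whose size field ($5) is >= 3071, as the Mozilla
    # guideline referenced above recommends. The file is only replaced when
    # the filtered result differs, so repeated runs report "ok" instead of
    # "changed", and an empty result is rejected instead of being installed.
    - name: deactivate short moduli
      ansible.builtin.shell:
        cmd: |
          set -eu
          awk '$5 >= 3071' /etc/ssh/moduli > /etc/ssh/moduli.tmp
          if [ ! -s /etc/ssh/moduli.tmp ]; then
            rm -f /etc/ssh/moduli.tmp
            echo "filtered moduli file is empty, keeping /etc/ssh/moduli" >&2
            exit 1
          fi
          if cmp -s /etc/ssh/moduli /etc/ssh/moduli.tmp; then
            rm -f /etc/ssh/moduli.tmp
          else
            mv /etc/ssh/moduli.tmp /etc/ssh/moduli
            echo moduli-changed
          fi
      register: deploy_ssh_server_config__moduli_filter_result
      changed_when: >-
        'moduli-changed' in
        deploy_ssh_server_config__moduli_filter_result.stdout

    # Rebooting here instead of restarting the ssh service, since it is
    # unclear how Ansible reacts when it restarts the service it probably
    # needs for its own connection.
    - name: reboot, if ssh server config got changed
      ansible.builtin.reboot:
      when: deploy_ssh_server_config__ssh_config_copy_result.changed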