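---
# Role and config created after: https://infosec.mozilla.org/guidelines/openssh
#
# Renders sshd_config from a template, removes Diffie-Hellman group-exchange
# moduli shorter than 3071 bits from /etc/ssh/moduli, and reboots the host
# when the rendered sshd_config differs from the one already installed.
- name: deploy SSH server config
  become: true
  block:
    - name: deploy `sshd_config`
      ansible.builtin.template:
        force: true
        dest: /etc/ssh/sshd_config
        # NOTE(review): some hardening baselines expect 0600 here; 0644 is
        # kept because that is what this role has always deployed.
        mode: "0644"
        owner: root
        group: root
        src: sshd_config.j2
        # Let sshd parse the rendered file before it replaces the live one.
        # A template error then fails this task instead of being installed
        # and activated by the reboot below, which could lock out SSH access.
        validate: /usr/sbin/sshd -t -f %s
      register: deploy_ssh_server_config__ssh_config_copy_result

    - name: deactivate short moduli
      ansible.builtin.shell:
        cmd: |
          set -eu
          # Keep only lines whose fifth field (modulus size) is >= 3071.
          awk '$5 >= 3071' /etc/ssh/moduli > /etc/ssh/moduli.tmp
          # Refuse to install a file without a single modulus entry: that
          # would leave sshd with no group-exchange primes of its own.
          if ! grep -q '^[^#]' /etc/ssh/moduli.tmp; then
            rm -f /etc/ssh/moduli.tmp
            echo 'no moduli >= 3071 bits; /etc/ssh/moduli left untouched' >&2
            exit 1
          fi
          # Replace the file only when filtering removed something, so the
          # task reports "changed" truthfully on repeated runs.
          if cmp -s /etc/ssh/moduli.tmp /etc/ssh/moduli; then
            rm -f /etc/ssh/moduli.tmp
          else
            mv /etc/ssh/moduli.tmp /etc/ssh/moduli
            echo moduli_changed
          fi
      register: deploy_ssh_server_config__moduli_filter_result
      changed_when: >-
        'moduli_changed' in
        deploy_ssh_server_config__moduli_filter_result.stdout

    # A reboot is used instead of a service restart because the author was
    # unsure how Ansible behaves when the SSH service it connects through is
    # restarted.
    # NOTE(review): established SSH sessions usually survive a restart of the
    # sshd service, so a handler that restarts the service may be sufficient;
    # confirm on the target distribution before replacing the reboot.
    - name: reboot, if ssh server config got changed
      ansible.builtin.reboot:
      when: deploy_ssh_server_config__ssh_config_copy_result.changed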