17468493cc
- Add secure-secure-shell task - Add unattended-upgrades task - Change package installation tasks - Remove website tasks from generic services group
# Secure SSH Configuration
# https://stribika.github.io/2015/01/04/secure-secure-shell.html
---
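# Verify the ED25519 host key exists before sshd_config is replaced further
# down. Nothing in this file generates the key; it is only checked.
# NOTE(review): presumably templates/sshd_config.j2 names this file in a
# HostKey line - confirm against the template.
- name: check for ED25519 host key
  stat:
    path: /etc/ssh/ssh_host_ed25519_key
  # Descriptive name so the result is not overwritten by the next stat task.
  register: ed25519_host_key

# Stop the play here rather than continue to the sshd_config tasks without
# the key in place.
- name: fail if the ED25519 host key is missing
  fail:
    msg: 'No ED25519 host key found'
  when: not ed25519_host_key.stat.exists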
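# Verify the RSA host key exists before sshd_config is replaced further down.
# Only the file's presence is tested; its key size is not inspected here.
- name: check for RSA host key
  stat:
    path: /etc/ssh/ssh_host_rsa_key
  # Descriptive name so the result cannot be confused with another stat task.
  register: rsa_host_key

# Stop the play here rather than continue to the sshd_config tasks without
# the key in place.
- name: fail if the RSA host key is missing
  fail:
    msg: 'No RSA host key found'
  when: not rsa_host_key.stat.exists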
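# Render the hardened sshd_config. The result is registered so the reload
# task below runs only when the file actually changed.
- name: template sshd_config
  template:
    src: templates/sshd_config.j2
    dest: /etc/ssh/sshd_config
    # Pin ownership and mode instead of inheriting whatever the existing
    # file (or the umask) happens to provide.
    owner: root
    group: root
    mode: '0600'
    # Check the rendered file with sshd's test mode before it replaces the
    # live config, so a template mistake cannot leave the host with an sshd
    # that refuses to reload. Adjust the path if sshd is installed elsewhere.
    validate: /usr/sbin/sshd -t -f %s
    # Keep a timestamped copy of the previous config for rollback.
    backup: true
  register: sshd_config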
# Reload sshd inline rather than through a handler, so the new configuration
# is picked up even if the handlers never run. Skipped when the template task
# reported no change.
- name: reload sshd
  service:
    state: reloaded
    name: ssh
  when: sshd_config.changed