ansible-config/roles/common/tasks/secure-secure-shell.yml
Alexander Dietrich 17468493cc Update common role
- Add secure-secure-shell task
- Add unattended-upgrades task
- Change package installation tasks
- Remove website tasks from generic services group
2017-02-05 13:45:33 +01:00


# Secure SSH Configuration
# https://stribika.github.io/2015/01/04/secure-secure-shell.html
---
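# Pre-flight: stop before touching sshd_config if either host key is absent.
# NOTE(review): presumably templates/sshd_config.j2 lists only these two
# HostKey files, so a missing key would leave sshd without it - confirm
# against the template.
- name: check for ED25519 host key
  stat:
    path: /etc/ssh/ssh_host_ed25519_key
  register: f

- name: fail if ED25519 host key is missing
  fail:
    msg: "No ED25519 host key found"
  when: not f.stat.exists

# `f` is deliberately reused: each result is consumed by the fail task
# that immediately follows it.
- name: check for RSA host key
  stat:
    path: /etc/ssh/ssh_host_rsa_key
  register: f

- name: fail if RSA host key is missing
  fail:
    msg: "No RSA host key found"
  when: not f.stat.exists

- name: template sshd_config
  template:
    src: templates/sshd_config.j2
    dest: /etc/ssh/sshd_config
    # Keep a timestamped copy of the previous config for rollback.
    backup: true
    # Have sshd parse the rendered file before it replaces the live config;
    # a syntax error then fails this task instead of reaching the reload
    # below and risking loss of remote access.
    validate: /usr/sbin/sshd -t -f %s
    # No owner/group/mode is set here, so an existing file keeps whatever
    # permissions it already has.
  register: sshd_config

# reload sshd now in case the handlers don't run
- name: reload sshd
  service:
    name: ssh
    state: reloaded
  when: sshd_config.changed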