Ansible-Linux_Base/roles/base/tasks/core_ssh.yml

---
# file: roles/base/tasks/core_ssh.yml

- name: Install the issue notice
  template: 
    src: issue.j2
    dest: /etc/issue
  notify: Restart SSH
  tags:
  - issue

- name: Configure SSH to display the issue notice
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?Banner '
    line: Banner /etc/issue
  notify: Restart SSH
  tags:
  - issue

- name: Setup authorized keys
  authorized_key:
    user: "{{ base_core_management_user }}"
    state: present
    key: '{{ lookup("file", item) }}'
  with_fileglob:
    - "public_keys/*"
  tags:
  - authorized_key

- name: Setup authorized keys for secondary user
  authorized_key:
    user: "{{ base_core_secondary_user }}"
    state: present
    key: '{{ lookup("file", item) }}'
  with_fileglob:
    - "public_keys/*"
  when: base_core_secondary_user != ""
  tags:
  - authorized_key

- name: Configure SSH root login
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?PermitRootLogin '
    line: PermitRootLogin no
  when: base_core_ssh_permit_root_login == false
  notify:
    - Restart SSH
  tags:
  - root_login

- name: Configure SSH password auth
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?PasswordAuthentication '
    line: PasswordAuthentication no
  when: base_core_ssh_permit_password_authentication == false
  notify:
    - Restart SSH
  tags:
  - password_auth
Initial commit 2021-09-01 17:31:49 -06:00			`---`
			`# file: roles/base/tasks/core_ssh.yml`

			`- name: Install the issue notice`
			`template:`
			`src: issue.j2`
			`dest: /etc/issue`
			`notify: Restart SSH`
			`tags:`
			`- issue`

			`- name: Configure SSH to display the issue notice`
			`lineinfile:`
			`path: /etc/ssh/sshd_config`
			`regexp: '^#?Banner '`
			`line: Banner /etc/issue`
			`notify: Restart SSH`
			`tags:`
			`- issue`

			`- name: Setup authorized keys`
			`authorized_key:`
			`user: "{{ base_core_management_user }}"`
			`state: present`
			`key: '{{ lookup("file", item) }}'`
			`with_fileglob:`
			`- "public_keys/*"`
			`tags:`
			`- authorized_key`

Adding option for secondary user to receive public keys 2022-08-23 13:01:26 -06:00			`- name: Setup authorized keys for secondary user`
			`authorized_key:`
Adding option for configuring a secondary account 2022-08-25 09:30:20 -06:00			`user: "{{ base_core_secondary_user }}"`
Adding option for secondary user to receive public keys 2022-08-23 13:01:26 -06:00			`state: present`
			`key: '{{ lookup("file", item) }}'`
			`with_fileglob:`
			`- "public_keys/*"`
Adding option for configuring a secondary account 2022-08-25 09:30:20 -06:00			`when: base_core_secondary_user != ""`
Adding option for secondary user to receive public keys 2022-08-23 13:01:26 -06:00			`tags:`
			`- authorized_key`

Initial commit 2021-09-01 17:31:49 -06:00			`- name: Configure SSH root login`
			`lineinfile:`
			`path: /etc/ssh/sshd_config`
			`regexp: '^#?PermitRootLogin '`
			`line: PermitRootLogin no`
			`when: base_core_ssh_permit_root_login == false`
			`notify:`
			`- Restart SSH`
			`tags:`
			`- root_login`

			`- name: Configure SSH password auth`
			`lineinfile:`
			`path: /etc/ssh/sshd_config`
			`regexp: '^#?PasswordAuthentication '`
			`line: PasswordAuthentication no`
			`when: base_core_ssh_permit_password_authentication == false`
			`notify:`
			`- Restart SSH`
			`tags:`
			`- password_auth`