---
# file: roles/base/tasks/core_ssh.yml

- name: Install the issue notice
  template: 
    src: issue.j2
    dest: /etc/issue
  notify: Restart SSH
  tags:
  - issue

- name: Configure SSH to display the issue notice
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?Banner '
    line: Banner /etc/issue
  notify: Restart SSH
  tags:
  - issue

- name: Configure SSH root login
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?PermitRootLogin '
    line: PermitRootLogin no
  when: base_core_ssh_permit_root_login == false
  notify:
    - Restart SSH
  tags:
  - root_login

- name: Configure SSH password auth
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?PasswordAuthentication '
    line: PasswordAuthentication no
  when: base_core_ssh_permit_password_authentication == false
  notify:
    - Restart SSH
  tags:
  - password_auth