ssh: allow to enable password auth

main
Simeon Keske 4 years ago
parent 81b5c237b9
commit 65551fdc5e
No known key found for this signature in database
GPG Key ID: B15B623C3C45B235

@ -4,3 +4,4 @@ users:
- { name: 'nouser', state: 'absent', public_key: '' }
system_locale: en_US.UTF-8
ssh_allow_password: no

@ -1,8 +1,8 @@
---
- name: Update and upgrade apt packages
apt:
upgrade: 'yes'
update_cache: 'yes'
upgrade: dist
update_cache: yes
cache_valid_time: 86400 # One day
- name: install a default set of packages
@ -22,13 +22,13 @@
- zip
- unzip
- zsh
- python-pip
- python3-pip
- python-setuptools
- python3-setuptools
- rsync
- gnupg
- sudo
- curl
- python-pip
- python3-pip
- python-setuptools
- python3-setuptools
state: present
tags: packages

@ -4,6 +4,7 @@
path: /etc/ssh/sshd_config
regexp: '^#?AuthenticationMethods '
line: 'AuthenticationMethods publickey'
when: not ssh_allow_password
notify: reload sshd service
- name: Disable SSH password authentication
@ -11,4 +12,21 @@
path: /etc/ssh/sshd_config
regexp: '^#?PasswordAuthentication '
line: 'PasswordAuthentication no'
notify: reload sshd service
when: not ssh_allow_password
notify: reload sshd service
- name: Restrict SSH to public key and password authentication
lineinfile:
path: /etc/ssh/sshd_config
regexp: '^#?AuthenticationMethods '
line: 'AuthenticationMethods publickey password'
when: ssh_allow_password
notify: reload sshd service
- name: Enable SSH password authentication
lineinfile:
path: /etc/ssh/sshd_config
regexp: '^#?PasswordAuthentication '
line: 'PasswordAuthentication yes'
when: ssh_allow_password
notify: reload sshd service

Loading…
Cancel
Save