ssh: allow to enable password auth

main
Simeon Keske 5 years ago
parent 81b5c237b9
commit 65551fdc5e
No known key found for this signature in database
GPG Key ID: B15B623C3C45B235

@ -4,3 +4,4 @@ users:
- { name: 'nouser', state: 'absent', public_key: '' } - { name: 'nouser', state: 'absent', public_key: '' }
system_locale: en_US.UTF-8 system_locale: en_US.UTF-8
ssh_allow_password: no
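Review bot: The new default `ssh_allow_password: no` has no comment saying what enabling it does, and it uses the YAML 1.1 truthy form `no` rather than a canonical boolean. I would write `ssh_allow_password: false  # true permits SSH password logins in addition to public keys`. Keeping the default off is the right choice, since the SSH tasks in this commit otherwise enforce key-only logins.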

@ -1,8 +1,8 @@
--- ---
- name: Update and upgrade apt packages - name: Update and upgrade apt packages
apt: apt:
upgrade: 'yes' upgrade: dist
update_cache: 'yes' update_cache: yes
cache_valid_time: 86400 # One day cache_valid_time: 86400 # One day
- name: install a default set of packages - name: install a default set of packages
@ -22,13 +22,13 @@
- zip - zip
- unzip - unzip
- zsh - zsh
- python-pip
- python3-pip
- python-setuptools
- python3-setuptools
- rsync - rsync
- gnupg - gnupg
- sudo - sudo
- curl - curl
- python-pip
- python3-pip
- python-setuptools
- python3-setuptools
state: present state: present
tags: packages tags: packages
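Review bot: `upgrade: dist` in the first task is a behaviour change that the commit title (SSH password auth) does not mention. Assuming the right-hand column is the new side, the play moves from a plain upgrade to `apt-get dist-upgrade`, which may install or remove packages to resolve dependencies. If that is intended, it deserves its own commit, or at least a comment such as `# dist-upgrade: may add or remove packages`. On the same side, `update_cache: yes` would read better as `update_cache: true`. The package-list task in the second hunk starts and ends outside the visible lines.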

@ -4,6 +4,7 @@
path: /etc/ssh/sshd_config path: /etc/ssh/sshd_config
regexp: '^#?AuthenticationMethods ' regexp: '^#?AuthenticationMethods '
line: 'AuthenticationMethods publickey' line: 'AuthenticationMethods publickey'
when: not ssh_allow_password
notify: reload sshd service notify: reload sshd service
- name: Disable SSH password authentication - name: Disable SSH password authentication
@ -11,4 +12,21 @@
path: /etc/ssh/sshd_config path: /etc/ssh/sshd_config
regexp: '^#?PasswordAuthentication ' regexp: '^#?PasswordAuthentication '
line: 'PasswordAuthentication no' line: 'PasswordAuthentication no'
when: not ssh_allow_password
notify: reload sshd service
- name: Restrict SSH to public key and password authentication
lineinfile:
path: /etc/ssh/sshd_config
regexp: '^#?AuthenticationMethods '
line: 'AuthenticationMethods publickey password'
when: ssh_allow_password
notify: reload sshd service
- name: Enable SSH password authentication
lineinfile:
path: /etc/ssh/sshd_config
regexp: '^#?PasswordAuthentication '
line: 'PasswordAuthentication yes'
when: ssh_allow_password
notify: reload sshd service notify: reload sshd service
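Review bot: In the new task "Restrict SSH to public key and password authentication", `AuthenticationMethods publickey password` is two space-separated lists, which sshd treats as alternatives, so a password alone completes authentication even though the task name reads as if both were required. If both factors are intended, the line should be `line: 'AuthenticationMethods publickey,password'`; if either is acceptable, rename the task to say "public key or password". The four `when:` conditions also test the raw variable, so a value supplied as a string (for example through extra vars) may evaluate as true and skip the two hardening tasks; `when: not ssh_allow_password | bool` and `when: ssh_allow_password | bool` avoid that. The first task in this section begins above the hunk.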