Merge pull request #2 from f2k1de/sshd_passwordless

Disallow Password Auth for SSH
5 years ago · aaefbb0370
parent ef3346523d b4ab97be5a
commit aaefbb0370
2 changed files with 16 additions and 0 deletions
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -14,3 +14,5 @@
      group: root
      mode: 0644
    when: motd_path is defined
+
+  - include: sshd.yml
--- a/tasks/sshd.yml
+++ b/tasks/sshd.yml
@ -0,0 +1,14 @@
+---
+- name: Restrict SSH to public key authentication
+    lineinfile:
+      path: /etc/ssh/sshd_config
+      regexp: '^#?AuthenticationMethods '
+      line: 'AuthenticationMethods publickey'
+    service: name=sshd state=restarted
+  
+  - name: Disable SSH password authentication
+    lineinfile:
+      path: /etc/ssh/sshd_config
+      regexp: '^#?PasswordAuthentication '
+      line: 'PasswordAuthentication no'
+    service: name=sshd state=restarted