ansible-permit-root-login
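---
# Bootstraps Python on a fresh host, installs an SSH public key for root and
# restricts root SSH logins to non-interactive (key-based) authentication.
- hosts: all
  # Fact gathering needs Python on the target, and the implicit gathering step
  # runs before pre_tasks. It is therefore disabled here and performed
  # explicitly once the interpreter has been installed.
  gather_facts: false
  vars: {}
  pre_tasks:
    - name: install python
      # `raw` runs without Python on the target. The command prints nothing
      # when /usr/bin/python already exists, so empty stdout means "unchanged".
      # NOTE(review): the install branch uses apt, so it only works on
      # Debian-family hosts.
      raw: bash -c "test -e /usr/bin/python || (apt -qqy update && apt install -qqy python python-pip python3 python3-pip)"
      register: output
      changed_when: output.stdout != ""
    - name: gather facts now that python is available
      # The handlers below select the service name from gathered facts.
      setup:
  tasks:
    - name: Set authorized key for root user copying it from current user
      authorized_key:
        user: root
        state: present
        # lookup('file', ...) reads the key from the control node, not from
        # the managed host. Only the public half (.pub) belongs here.
        key: "{{ lookup('file', '/media/clients/clientname/2017_4096_rsa.pub') }}"
    - name: Enabling ssh-key only root access
      lineinfile:
        dest: /etc/ssh/sshd_config
        # Matches only an active directive. A commented-out default is not
        # replaced, so the line is appended at the end of the file instead.
        # NOTE(review): confirm the file has no trailing `Match` block, or the
        # appended directive will not apply globally.
        regexp: '^PermitRootLogin'
        # `without-password` is the deprecated alias of `prohibit-password`
        # (OpenSSH 7.0+). It blocks password and keyboard-interactive logins
        # for root only. Other accounts are governed by PasswordAuthentication.
        line: 'PermitRootLogin without-password'
        # Reject the edit if the resulting file does not parse, so that a bad
        # config cannot take sshd down on the restart below.
        validate: '/usr/sbin/sshd -t -f %s'
      notify:
        - restart_sshd
        - restart_ssh
  handlers:
    # Both handlers are notified and the one matching the OS family runs.
    # ansible_os_family also covers derivatives (CentOS, Fedora, Ubuntu),
    # which an exact ansible_distribution match would silently skip, leaving
    # the old sshd configuration in effect.
    - name: restart_sshd
      service:
        name: sshd
        state: restarted
        enabled: true
      when: ansible_os_family == 'RedHat'
    - name: restart_ssh
      service:
        name: ssh
        state: restarted
        enabled: true
      when: ansible_os_family == 'Debian'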