INT 21h

Hi, I am Vladimir Smagin, SysAdmin.

Ansible: switch SSHd to use public key auth only, block password auth

No. 9447, in the "Administration" section, September 28th, 2018

This task searches sshd_config with a regexp for a specific option and sets its value (for example, to yes). If the option is not found, it is added to the end of the file.

Options you want to change:

    # Path used by the tasks below
    sshd_config_path: /etc/ssh/sshd_config
    sshd_options:
      PubkeyAuthentication: "yes"
      PasswordAuthentication: "no"

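Now remove from the config all the options you want to change:

    - name: Remove all marked options from config
      become: yes
      lineinfile:
        path: "{{ sshd_config_path }}"
        state: absent
        # Match only lines that set the option (active or commented out),
        # so a key such as Port does not also remove GatewayPorts.
        regexp: '^\s*#?\s*{{ item.key }}\b'
      with_dict: "{{ sshd_options }}"
      # Test "is defined" first: comparing an undefined variable raises an error.
      when: sshd_options is defined and sshd_options != None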

Nice, now add your options to the sshd config:

    - name: Add marked options to config
      become: yes
      lineinfile:
        path: "{{ sshd_config_path }}"
        state: present
        # No regexp here, so each line is appended at the end of the file.
        line: '{{ item.key }} {{ item.value }}'
      with_dict: "{{ sshd_options }}"
      when: sshd_options is defined and sshd_options != None

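If you want to replace a single option string:

    - name: Set PubkeyAuthentication = yes
      become: yes
      lineinfile:
        path: /etc/ssh/sshd_config
        # If no line matches the regexp, lineinfile appends the line
        # at the end of the file instead.
        regexp: '^PubkeyAuthentication no'
        line: 'PubkeyAuthentication yes'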

Full sample here https://git.blindage.org/21h/ansible-library/src/branch/pubkey_sshd
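
The tasks above add options at the end of the file, but sshd keeps the first value it obtains for a keyword and applies every line after a `Match` line only to that block. The Python below is an added example, not code from this post or its repository: it mimics the remove and add tasks on a constructed config and reports the options that did not land in the global section. The function names, the sample config and the `before_match` switch are assumptions, and `Include` files are not followed.

```python
import re

# Constructed sample: a config whose last section is a Match block.
SAMPLE = """\
Port 22
#PubkeyAuthentication yes
PasswordAuthentication yes
Subsystem sftp /usr/lib/openssh/sftp-server
Match Group sftponly
    ForceCommand internal-sftp
"""

def apply_tasks(text, options, before_match=False):
    """Mimic the two lineinfile tasks: drop existing lines for each option,
    then add 'Key value' at EOF, or before the first Match line if asked."""
    lines = text.splitlines()
    for key in options:
        pat = re.compile(r"^\s*#?\s*" + re.escape(key) + r"\b")
        lines = [l for l in lines if not pat.search(l)]
    at = len(lines)
    if before_match:
        at = next((i for i, l in enumerate(lines)
                   if re.match(r"\s*Match\s", l, re.I)), at)
    lines[at:at] = [f"{k} {v}" for k, v in options.items()]
    return "\n".join(lines) + "\n"

def global_settings(text):
    """Global section only: the first value obtained for a keyword wins, and
    lines after a Match line apply just to connections matching that block."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = re.sub(r"\s*=\s*|\s+", " ", line, count=1).partition(" ")
        if key.lower() == "match":
            break
        seen.setdefault(key.lower(), value)
    return seen

def not_set_globally(text, options):
    """Options whose global value is missing or differs from the desired one."""
    eff = global_settings(text)
    return sorted(k for k, v in options.items() if eff.get(k.lower()) != v)

if __name__ == "__main__":
    opts = {"PubkeyAuthentication": "yes", "PasswordAuthentication": "no"}
    print(not_set_globally(apply_tasks(SAMPLE, opts), opts))
    print(not_set_globally(apply_tasks(SAMPLE, opts, before_match=True), opts))
```

In the append-at-end case password logins stay enabled for everyone outside the `sftponly` group, because `PasswordAuthentication` defaults to `yes`. On a real host, `sshd -T` prints the effective configuration and is the authoritative check.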

© Vladimir Smagin, 2005-2018. Copying materials without permission is prohibited. GPG 0x29AE91B1A37721C3