INT 21h

Hi, I am Vladimir Smagin, SysAdmin, DevOps and barely good guy. Telegram Email / GIT / Микроблог / Thingiverse / GPG

Ansible: switch SSHd to use public key auth only, block password auth

№ 9447 В разделе "Администрирование" от September 28th, 2018,

This task regexps sshd_config for specific option and sets value to yes. If option not found it will be added to the end of file.

Options you want to change:

    sshd_options:
      PubkeyAuthentication: "yes"
      PasswordAuthentication: "no" 

Now remove from config all options you want to change:

- name: Remove all marked options from config
  become: yes
  lineinfile:
    path: "{{ sshd_config_path }}"
    state: absent
    regexp: '{{ item.key }}'
  with_dict: "{{ sshd_options }}"
  when: sshd_options != None and sshd_options is defined

Nice, now add your options to sshd config:

- name: Add marked options to config
  become: yes
  lineinfile:
    path: "{{ sshd_config_path }}"
    state: present
    line: '{{ item.key }} {{ item.value }}'
  with_dict: "{{ sshd_options }}"
  when: sshd_options != None and sshd_options is defined

If you want replace string option:

- name: Set PubkeyAuthentication = yes
  become: yes
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^PubkeyAuthentication no'
    line: 'PubkeyAuthentication yes'

Full sample here https://git.blindage.org/21h/ansible-library/src/branch/pubkey_sshd

Нет комментариев »

Leave a Reply

Your email address will not be published. Required fields are marked *

*

Микроблог перейти

# 2019-04-14 20:17:08

офигенный проект БК на rasperry pi www.drive2.ru/b/3013396/

# 2019-04-05 19:15:52

habr.com/ru/company/oleg-bunin

# 2019-03-29 19:32:52

Интересное SDK на NodeJS для программирования ESP8266 nodered.org/


© Vladimir Smagin, 2005-2019. Копирование материалов без разрешения запрещено. GPG DA4CD0F5E222EA727D6A40C413BCE12E5618F071 *
Яндекс.Метрика

Fortune cookie: Today's spam: Re: I destroyed this IittIe sIuuts face indwell entail