INT 21h

Select language

Ansible: switch SSHd to use public key auth only, block password auth

№ 9447 В разделе Sysadmin от September 28th, 2018,
В подшивках: , ,

This task regexps sshd_config for specific option and sets value to yes. If option not found it will be added to the end of file.

Options you want to change:

    sshd_options:
      PubkeyAuthentication: "yes"
      PasswordAuthentication: "no"

Now remove from config all options you want to change:

- name: Remove all marked options from config
  become: yes
  lineinfile:
    path: "{{ sshd_config_path }}"
    state: absent
    regexp: '{{ item.key }}'
  with_dict: "{{ sshd_options }}"
  when: sshd_options != None and sshd_options is defined

Nice, now add your options to sshd config:

- name: Add marked options to config
  become: yes
  lineinfile:
    path: "{{ sshd_config_path }}"
    state: present
    line: '{{ item.key }} {{ item.value }}'
  with_dict: "{{ sshd_options }}"
  when: sshd_options != None and sshd_options is defined

If you want replace string option:

- name: Set PubkeyAuthentication = yes
  become: yes
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^PubkeyAuthentication no'
    line: 'PubkeyAuthentication yes'

Full sample here https://git.blindage.org/21h/ansible-library/src/branch/pubkey_sshd

Нет комментариев »

Leave a Reply

Your email address will not be published. Required fields are marked *

CAPTCHA

*

Облачная платформа
Яндекс.Метрика

Fortune cookie: Q: How can a real man tell when his girl friend's having an orgasm? A: Real men don't care.