Group controls, hostkey protection, and typo correction in SSH

DarkFeather 2020-12-25 05:40:57 -06:00
parent 432cc36ef8
commit 17a9e9ef7d
Signed by: DarkFeather
GPG Key ID: 1CC1E3F4ED06F296
1 changed files with 28 additions and 1 deletions


@ -10,7 +10,7 @@
- name: SSH Config - name: SSH Config
become: yes become: yes
copy: copy:
src: sshd_config src: ssh_config
dest: /etc/ssh/ssh_config dest: /etc/ssh/ssh_config
- name: SSHD Config - name: SSHD Config
@ -19,3 +19,30 @@
src: sshd_config src: sshd_config
dest: /etc/ssh/sshd_config dest: /etc/ssh/sshd_config
- name: Mark SSH keys as immutable
become: yes
file:
path: "{{ item }}"
attributes: i
loop:
- /etc/ssh/ssh_host_ed25519_key
- /etc/ssh/ssh_host_ed25519_key.pub
- /etc/ssh/ssh_host_rsa_key
- /etc/ssh/ssh_host_rsa_key.pub
- name: Add SSH control groups
become: yes
group:
name: "{{ item }}"
state: present
loop:
- ssh-allow
- ssh-forward
- sftp-home-jail
- name: Add SSH user to ssh-allow
become: yes
user:
name: "{{ ansible_user_id }}"
groups: ssh-allow
append: yes
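Review bot: In the "Mark SSH keys as immutable" task, `attributes: i` has no operator, and the file module then assumes `=`, so it sets the whole attribute string to `i` rather than adding the flag. Depending on the filesystem, that may try to clear unrelated attributes or report changed on every run; `attributes: +i` adds only the immutable bit. The task sets no `state`, so a host that lacks one of the four listed key files (an RSA host key, say) would likely fail here instead of being skipped. Once the flag is set, host-key regeneration or rotation will fail until it is cleared, so a comment such as `# immutable: clear with chattr -i before rotating host keys` above the task would help. The flag protects against accidental overwrite only, since root can remove it.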