---
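- name: Set the appropriate options in sshd_config file
  # Hardening intent: public-key logins only, no direct root login, and user
  # verification on hardware-token (FIDO) keys.
  # NOTE(review): sshd keeps the first value it reads for each keyword, and
  # this task edits only the file named by sshd_config_file. An Include'd
  # drop-in or an earlier duplicate line can therefore still override these
  # settings; confirm the effective values on the host with `sshd -T`.
  # NOTE(review): when a regexp matches nothing, lineinfile appends the line
  # at end of file. If the file ends with a Match block, the appended
  # directive would apply only inside that block.
  ansible.builtin.lineinfile:
    path: "{{ sshd_config_file }}"
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    state: present
    # Syntax-check the candidate file before it replaces the live one, so an
    # option this sshd build does not accept fails the task instead of
    # leaving a config that breaks sshd when the handler restarts it.
    # Adjust the binary path if sshd is installed elsewhere.
    validate: /usr/sbin/sshd -t -f %s
  loop:
    - regexp: '^#?PermitRootLogin'
      line: 'PermitRootLogin no'
    - regexp: '^#?PubkeyAuthentication'
      line: 'PubkeyAuthentication yes'
    # Enables the hardware-token requirement: FIDO (sk-*) key signatures must
    # attest user verification (e.g. a PIN). Non-FIDO key types are
    # unaffected.
    - regexp: '^#?PubkeyAuthOptions'
      line: 'PubkeyAuthOptions verify-required'
    - regexp: '^#?PasswordAuthentication'
      line: 'PasswordAuthentication no'
    - regexp: '^#?KbdInteractiveAuthentication'
      line: 'KbdInteractiveAuthentication no'
    # Kept on deliberately: per the original author, with "no" Ansible's
    # passwordless SSH stops working. With password and keyboard-interactive
    # authentication both disabled above, PAM is left handling account and
    # session processing only.
    - regexp: '^#?UsePAM'
      line: 'UsePAM yes'
  notify: Restart sshd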