1
0
Fork 0
home-ansible/roles/ssh/tasks/main.yml

37 lines
771 B
YAML
Raw Normal View History

2022-12-21 22:56:39 -05:00
---
- name: Block root and password authentication
lineinfile:
path: /etc/ssh/sshd_config
regexp: '{{ item.regexp }}'
line: '{{ item.line }}'
validate: 'sshd -T -f %s'
state: present
with_items:
- regexp: '^PasswordAuthentication'
line: 'PasswordAuthentication no'
- regexp: '^PermitRootLogin'
line: 'PermitRootLogin no'
notify: Restart ssh
- name: Install fail2ban
apt:
name: fail2ban
state: present
- name: Configure fail2ban
blockinfile:
path: /etc/fail2ban/jail.local
create: yes
mode: 0644
block: |
[sshd]
enabled = true
filter = sshd
2023-02-19 19:33:15 -05:00
# notify: Restart fail2ban
2022-12-21 22:56:39 -05:00
2023-05-16 18:41:39 -04:00
- name: Turn fail2ban off for now
2022-12-21 22:56:39 -05:00
service:
name: fail2ban
2023-02-19 19:33:15 -05:00
enabled: false
state: stopped