You've already forked ssh-protect
31 lines
764 B
YAML
31 lines
764 B
YAML
---
|
|
- name: Delete i attr from authorized_keys file
|
|
ansible.builtin.file:
|
|
path: /root/.ssh/authorized_keys
|
|
attr: '-i'
|
|
|
|
- name: Write ssh keys
|
|
template:
|
|
src: "authorized_keys.j2"
|
|
dest: "/root/.ssh/authorized_keys"
|
|
mode: 0600
|
|
|
|
- name: Set i attr from authorized_keys file
|
|
ansible.builtin.file:
|
|
path: /root/.ssh/authorized_keys
|
|
attr: 'i'
|
|
|
|
- name: Authentication method public key only
|
|
lineinfile:
|
|
path: /etc/ssh/sshd_config
|
|
search_string: '^#?AuthenticationMethods'
|
|
line: AuthenticationMethods publickey
|
|
notify: restart sshd
|
|
|
|
- name: Disable password authentication
|
|
lineinfile:
|
|
path: /etc/ssh/sshd_config
|
|
search_string: '^#?PasswordAuthentication'
|
|
line: PasswordAuthentication no
|
|
notify: restart sshd
|