xoxys.sshd/tasks/ssh_univention.yml

47 lines
1.6 KiB
YAML
Raw Normal View History

2019-11-02 18:10:39 +00:00
---
2024-02-18 12:22:43 +00:00
- name: Hardening sshd config
xoxys.general.ucr:
2024-02-18 12:22:43 +00:00
path: "{{ item.path }}"
value: "{{ item.value }}"
loop:
- path: sshd/permitroot
value: "{{ sshd_permit_root_login | default('') }}"
- path: sshd/PermitEmptyPasswords
value: "{{ sshd_permit_empty_passwords | default('') }}"
- path: sshd/permitroot
value: "{{ sshd_permit_root_login | default('') }}"
- path: sshd/passwordauthentication
value: "{{ sshd_password_authentication | default('') }}"
- path: sshd/challengeresponse
value: "{{ sshd_password_authentication | default('') }}"
- path: sshd/IgnoreRhosts
value: "{{ sshd_ignore_rhosts | default('') }}"
- path: sshd/HostbasedAuthentication
value: "{{ sshd_hostbased_authentication | default('') }}"
- path: sshd/ClientAliveInterval
value: "{{ sshd_client_alive_interval | default('') }}"
- path: sshd/ClientAliveCountMax
value: "{{ sshd_client_alive_count_max | default('') }}"
- path: sshd/Ciphers
value: "{{ sshd_ciphers | default('[]') | join(',') }}"
- path: sshd/KexAlgorithms
value: "{{ sshd_kex | default('[]') | join(',') }}"
- path: sshd/MACs
value: "{{ sshd_macs | default('[]') | join(',') }}"
loop_control:
label: "{{ item.path }}={{ item.value }}"
2024-02-18 12:22:43 +00:00
notify: __sshd_restart
2019-11-02 18:10:39 +00:00
2024-02-18 12:22:43 +00:00
- name: Set allowed ssh groups
xoxys.general.ucr:
2024-02-18 12:22:43 +00:00
path: "auth/sshd/group/{{ item }}"
value: "yes"
loop: "{{ sshd_allow_groups }}"
2019-11-02 18:10:39 +00:00
2024-02-18 12:22:43 +00:00
- name: Create SSH Usergroup
ansible.builtin.group:
name: "{{ item }}"
system: "yes"
state: present
loop: "{{ sshd_allow_groups }}"