conf sshd_config
authoralexandre.domont@auf.org <alexandre.domont@auf.org>
Tue, 24 Jun 2014 16:19:12 +0000 (18:19 +0200)
committeralexandre.domont@auf.org <alexandre.domont@auf.org>
Tue, 24 Jun 2014 16:19:12 +0000 (18:19 +0200)
paris/serveurs/roles/ssh-server/tasks/main.yml
paris/serveurs/roles/ssh-server/tasks/main2.yml [new file with mode: 0644]
paris/serveurs/roles/ssh-server/tasks/main3.yml [new file with mode: 0644]

index 5279f80..57c0fea 100644 (file)
@@ -2,34 +2,26 @@
 # Paquets indispensables : Sudo, SSH et Python
 
   - name: PasswordAuthentication
-    lineinfile: dest=/etc/ssh/sshd_config regexp="^PasswordAuthentication" line="PasswordAuthentication no" state=present
-    notify: 
-     - Restart sshd
+    lineinfile: 
+     dest=/etc/ssh/sshd_config 
+     regexp='{{ item.a }}'
+     line='{{ item.b }}' 
+     state=present
+    with_items:
+     - { a: '^PermitEmptyPasswords', b: 'PermitEmptyPasswords no' }
+     - { a: '^X11Forwarding', b: 'X11Forwarding no' }
+     - { a: '^UsePAM', b: 'UsePAM yes' }
+     - { a: '^UseDNS', b: 'UseDNS no' }
+     - { a: '^PasswordAuthentication', b: 'PasswordAuthentication no' }
+     - { a: '^MaxAuthTries', b: 'MaxAuthTries 3' }
+     - { a: '^LoginGraceTime', b: 'LoginGraceTime 30' }
+     - { a: '^PrintLastLog', b: 'PrintLastLog yes' }
+     - { a: '^PermitUserEnvironment', b: 'PermitUserEnvironment no' }
+     - { a: '^AllowTcpForwarding', b: 'AllowTcpForwarding no' }
 
-  - name: PermitRootLogin
-    lineinfile: dest=/etc/ssh/sshd_config regexp="^PermitRootLogin" line="PermitRootLogin no" state=present 
     notify: 
      - Restart sshd
 
-  - name: X11Forwarding
-    lineinfile: dest=/etc/ssh/sshd_config regexp="^X11Forwarding" line="X11Forwarding no" state=present
-    notify:
-     - Restart sshd
-
-  - name: ChallengeResponseAuthentication
-    lineinfile: dest=/etc/ssh/sshd_config regexp="^ChallengeResponseAuthentication" line="ChallengeResponseAuthentication no" state=present
-    notify:
-     - Restart sshd
-
-  - name: UsePAM
-    lineinfile: dest=/etc/ssh/sshd_config regexp="^UsePAM" line="UsePAM yes" state=present
-    notify:
-     - Restart sshd
-
-  - name: UseDNS
-    lineinfile: dest=/etc/ssh/sshd_config regexp="^UseDNS" line="UseDNS no" state=present
-    notify:
-     - Restart sshd
 
 
 
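Review bot: The new with_items list drops `PermitRootLogin no` and `ChallengeResponseAuthentication no`, which the tasks removed at the bottom of this hunk used to enforce, so main.yml no longer manages either directive and both fall back to whatever the host's sshd_config says. That matters together with `UsePAM yes`: if ChallengeResponseAuthentication is left enabled, keyboard-interactive password prompts through PAM can still be offered even though `PasswordAuthentication no` is set. Add `- { a: '^PermitRootLogin', b: 'PermitRootLogin no' }` and `- { a: '^ChallengeResponseAuthentication', b: 'ChallengeResponseAuthentication no' }` to the list (main2.yml carries PermitRootLogin, but nothing visible in this commit includes it from main.yml). Also be aware that a `^Directive` regexp does not match the commented `#Directive` defaults, so lineinfile appends unmatched lines at end of file; if sshd_config ends with a `Match` block those appended lines would be scoped to it, so consider `insertbefore` or a templated config if that applies to your hosts.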
diff --git a/paris/serveurs/roles/ssh-server/tasks/main2.yml b/paris/serveurs/roles/ssh-server/tasks/main2.yml
new file mode 100644 (file)
index 0000000..b967eda
--- /dev/null
@@ -0,0 +1,14 @@
+# Le CT template doit avoir au minimum le user alex avec la clés SSH
+# Paquets indispensables : Sudo, SSH et Python
+
+  - name: PasswordAuthentication
+    lineinfile: dest=/etc/ssh/sshd_config regexp="^ {{ item.a }}" line="{{ item.b }}" state=present
+    with_items:
+     - { a: 'PermitRootLogin',b:'PermitRootLogin no' }
+     - { a: 'PermitEmptyPassword',b:'PermitEmptyPassword no' } 
+    notify: 
+     - Restart sshd
+
+
+
+
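Review bot: The regexp `"^ {{ item.a }}"` has a literal space after `^`, so it never matches an existing unindented `PermitRootLogin ...` line; lineinfile then appends `PermitRootLogin no` at the end of the file while the original directive stays in place, and because sshd uses the first occurrence of a keyword the hardening has no effect. `PermitEmptyPassword` is also not a valid keyword (sshd spells it `PermitEmptyPasswords`), and an unknown option makes sshd reject its configuration, so the `Restart sshd` handler would leave sshd down. Change the task to `regexp="^{{ item.a }}"` and `- { a: 'PermitEmptyPasswords', b: 'PermitEmptyPasswords no' }`, and give it a name that matches what it sets rather than `PasswordAuthentication`. Note as well that a role only auto-loads tasks/main.yml and nothing in this commit includes main2.yml, so these tasks presumably never run — confirm.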
diff --git a/paris/serveurs/roles/ssh-server/tasks/main3.yml b/paris/serveurs/roles/ssh-server/tasks/main3.yml
new file mode 100644 (file)
index 0000000..5279f80
--- /dev/null
@@ -0,0 +1,35 @@
+# Le CT template doit avoir au minimum le user alex avec la clés SSH
+# Paquets indispensables : Sudo, SSH et Python
+
+  - name: PasswordAuthentication
+    lineinfile: dest=/etc/ssh/sshd_config regexp="^PasswordAuthentication" line="PasswordAuthentication no" state=present
+    notify: 
+     - Restart sshd
+
+  - name: PermitRootLogin
+    lineinfile: dest=/etc/ssh/sshd_config regexp="^PermitRootLogin" line="PermitRootLogin no" state=present 
+    notify: 
+     - Restart sshd
+
+  - name: X11Forwarding
+    lineinfile: dest=/etc/ssh/sshd_config regexp="^X11Forwarding" line="X11Forwarding no" state=present
+    notify:
+     - Restart sshd
+
+  - name: ChallengeResponseAuthentication
+    lineinfile: dest=/etc/ssh/sshd_config regexp="^ChallengeResponseAuthentication" line="ChallengeResponseAuthentication no" state=present
+    notify:
+     - Restart sshd
+
+  - name: UsePAM
+    lineinfile: dest=/etc/ssh/sshd_config regexp="^UsePAM" line="UsePAM yes" state=present
+    notify:
+     - Restart sshd
+
+  - name: UseDNS
+    lineinfile: dest=/etc/ssh/sshd_config regexp="^UseDNS" line="UseDNS no" state=present
+    notify:
+     - Restart sshd
+
+
+
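Review bot: This file is a verbatim copy of the pre-change main.yml (its blob id 5279f80 is the old side of main.yml's index line), so the role now carries two diverging versions of the sshd hardening. A role only auto-loads tasks/main.yml and nothing in this commit includes main3.yml, so it is either dead, or — if wired in later — would re-apply the older, smaller set of directives on top of the new list. Drop it (git history already keeps the old version) or, if the split is intentional, reference it from main.yml with an `include:` rather than keeping a copy. If it is kept, note that its `PermitRootLogin` and `ChallengeResponseAuthentication` tasks are exactly the ones the rewritten main.yml no longer sets, so which file runs decides whether root login is locked down.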