# Paquets indispensables : Sudo, SSH et Python
- name: PasswordAuthentication
- lineinfile: dest=/etc/ssh/sshd_config regexp="^PasswordAuthentication" line="PasswordAuthentication no" state=present
- notify:
- - Restart sshd
+ lineinfile:
+ dest=/etc/ssh/sshd_config
+ regexp='{{ item.a }}'
+ line='{{ item.b }}'
+ state=present
+ with_items:
+ - { a: '^PermitEmptyPasswords', b: 'PermitEmptyPasswords no' }
+ - { a: '^X11Forwarding', b: 'X11Forwarding no' }
+ - { a: '^UsePAM', b: 'UsePAM yes' }
+ - { a: '^UseDNS', b: 'UseDNS no' }
+ - { a: '^PasswordAuthentication', b: 'PasswordAuthentication no' }
+ - { a: '^MaxAuthTries', b: 'MaxAuthTries 3' }
+ - { a: '^LoginGraceTime', b: 'LoginGraceTime 30' }
+ - { a: '^PrintLastLog', b: 'PrintLastLog yes' }
+ - { a: '^PermitUserEnvironment', b: 'PermitUserEnvironment no' }
+ - { a: '^AllowTcpForwarding', b: 'AllowTcpForwarding no' }
- - name: PermitRootLogin
- lineinfile: dest=/etc/ssh/sshd_config regexp="^PermitRootLogin" line="PermitRootLogin no" state=present
notify:
- Restart sshd
- - name: X11Forwarding
- lineinfile: dest=/etc/ssh/sshd_config regexp="^X11Forwarding" line="X11Forwarding no" state=present
- notify:
- - Restart sshd
-
- - name: ChallengeResponseAuthentication
- lineinfile: dest=/etc/ssh/sshd_config regexp="^ChallengeResponseAuthentication" line="ChallengeResponseAuthentication no" state=present
- notify:
- - Restart sshd
-
- - name: UsePAM
- lineinfile: dest=/etc/ssh/sshd_config regexp="^UsePAM" line="UsePAM yes" state=present
- notify:
- - Restart sshd
-
- - name: UseDNS
- lineinfile: dest=/etc/ssh/sshd_config regexp="^UseDNS" line="UseDNS no" state=present
- notify:
- - Restart sshd
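Review bot: The new `with_items` list no longer contains `PermitRootLogin` or `ChallengeResponseAuthentication`, both of which the removed tasks set to `no`, so after this change the play stops enforcing them. With `UsePAM yes` still in the list, leaving challenge-response authentication unmanaged can let PAM-backed password prompts through even though `PasswordAuthentication no` is set. Add `- { a: '^PermitRootLogin', b: 'PermitRootLogin no' }` and `- { a: '^ChallengeResponseAuthentication', b: 'ChallengeResponseAuthentication no' }` to the list, or say in the commit message that dropping them is intended. The single task is still named `PasswordAuthentication`; a name such as `Harden sshd_config` would describe what the loop now does.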
--- /dev/null
+# Le CT template doit avoir au minimum le user alex avec la clés SSH
+# Paquets indispensables : Sudo, SSH et Python
+
+ - name: PasswordAuthentication
+ lineinfile: dest=/etc/ssh/sshd_config regexp="^ {{ item.a }}" line="{{ item.b }}" state=present
+ with_items:
+ - { a: 'PermitRootLogin',b:'PermitRootLogin no' }
+ - { a: 'PermitEmptyPassword',b:'PermitEmptyPassword no' }
+ notify:
+ - Restart sshd
+
+
+
+
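Review bot: The pattern `regexp="^ {{ item.a }}"` has a space after `^`, so it will not match a directive that starts at column 0, and lineinfile will append a second line instead of replacing the existing one; sshd keeps the first value it reads for a keyword, so an earlier `PermitRootLogin yes` would stay in effect. The second item spells the keyword `PermitEmptyPassword`, while the sshd option is `PermitEmptyPasswords` (as the list in the first file writes it), and an unknown keyword is likely to make sshd reject the configuration when the handler restarts it. The items are also written `b:'…'` with no space after the colon, which a YAML parser may not read as a key `b`, leaving `item.b` undefined. Suggested: `regexp="^{{ item.a }}"` and `- { a: 'PermitEmptyPasswords', b: 'PermitEmptyPasswords no' }`.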
--- /dev/null
+# Le CT template doit avoir au minimum le user alex avec la clés SSH
+# Paquets indispensables : Sudo, SSH et Python
+
+ - name: PasswordAuthentication
+ lineinfile: dest=/etc/ssh/sshd_config regexp="^PasswordAuthentication" line="PasswordAuthentication no" state=present
+ notify:
+ - Restart sshd
+
+ - name: PermitRootLogin
+ lineinfile: dest=/etc/ssh/sshd_config regexp="^PermitRootLogin" line="PermitRootLogin no" state=present
+ notify:
+ - Restart sshd
+
+ - name: X11Forwarding
+ lineinfile: dest=/etc/ssh/sshd_config regexp="^X11Forwarding" line="X11Forwarding no" state=present
+ notify:
+ - Restart sshd
+
+ - name: ChallengeResponseAuthentication
+ lineinfile: dest=/etc/ssh/sshd_config regexp="^ChallengeResponseAuthentication" line="ChallengeResponseAuthentication no" state=present
+ notify:
+ - Restart sshd
+
+ - name: UsePAM
+ lineinfile: dest=/etc/ssh/sshd_config regexp="^UsePAM" line="UsePAM yes" state=present
+ notify:
+ - Restart sshd
+
+ - name: UseDNS
+ lineinfile: dest=/etc/ssh/sshd_config regexp="^UseDNS" line="UseDNS no" state=present
+ notify:
+ - Restart sshd
+
+
+
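Review bot: None of the six `lineinfile` tasks in this file validates `/etc/ssh/sshd_config` before the `Restart sshd` handler fires, so a bad edit is written to the live file and the restart can leave the host without SSH access. Adding `validate='/usr/sbin/sshd -t -f %s'` to each task makes Ansible test the candidate file and keep the original if the check fails; the looped tasks in the other two files have the same gap. The patterns such as `^PasswordAuthentication` do not match a commented-out default, so the directive is appended at the end of the file; if the stock config ends with a `Match` block, the appended line would only apply inside it, which `insertbefore='^Match'` avoids.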