Harden SSH access on server profile

Fabio Scotto di Santolo
2026-03-25 22:26:07 +01:00
parent 3ee9bbf7b5
commit e17883f969
3 changed files with 33 additions and 0 deletions


@@ -24,6 +24,27 @@
loop_control:
label: "{{ item.dest }}"
- name: Disable SSH root login on server
tags: [services]
ansible.builtin.lineinfile:
path: /etc/ssh/sshd_config
regexp: '^\s*PermitRootLogin\s+'
line: "PermitRootLogin {{ server_sshd_settings.PermitRootLogin }}"
state: present
validate: "sshd -t -f %s"
notify: Reload SSH service
- name: Restrict SSH login to allowed users on server
tags: [services]
ansible.builtin.lineinfile:
path: /etc/ssh/sshd_config
regexp: '^\s*AllowUsers\s+'
line: "AllowUsers {{ server_sshd_allow_users | join(' ') }}"
state: present
validate: "sshd -t -f %s"
notify: Reload SSH service
when: (server_sshd_allow_users | default([])) | length > 0
- name: Apply server UFW rules
tags: [services, packages]
community.general.ufw:
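Review bot: Both `lineinfile` tasks append at end of file when no uncommented `PermitRootLogin`/`AllowUsers` line already exists (the `^\s*…` regexps do not match commented defaults), and sshd takes the first occurrence of a keyword, so the hardening is silently shadowed by an earlier value — for example from a drop-in pulled in by `Include /etc/ssh/sshd_config.d/*.conf`, which Debian/Ubuntu place at the top — or, if the file ends with a `Match` block, the appended line is scoped to that block instead of applying globally; `sshd -t` passes in both cases. Adding `insertbefore: '^\s*Match\b'` and `firstmatch: true` to each task keeps the directive global and in first position, though managing a dedicated drop-in such as `/etc/ssh/sshd_config.d/10-hardening.conf` with `ansible.builtin.copy` is the more robust option where `Include` is in use. The `AllowUsers` task can also lock the playbook itself out on the next run: an `ansible.builtin.assert` that `ansible_user` is in `server_sshd_allow_users` before the edit, and a comment noting that a later empty list skips the task and leaves the old `AllowUsers` line in place, would make the intent explicit. The UFW task that starts on the last line continues outside this hunk.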