diff --git a/roles/debian/handlers/main.yml b/roles/debian/handlers/main.yml
index b6b8c36..49b89db 100644
--- a/roles/debian/handlers/main.yml
+++ b/roles/debian/handlers/main.yml
@@ -5,3 +5,9 @@
 - name: reload interfaces
 command: ifreload -a
 when: "'handler' not in ansible_skip_tags"
+
+- name: reload sshd
+ service:
+ name: sshd
+ state: reloaded
+ when: "'handler' not in ansible_skip_tags"
diff --git a/roles/debian/tasks/main.yml b/roles/debian/tasks/main.yml
index 2a39abc..8a6ffac 100644
--- a/roles/debian/tasks/main.yml
+++ b/roles/debian/tasks/main.yml
@@ -54,6 +54,18 @@
 mode: 0644
 notify: reload interfaces
+- name: Disable SSH password authentication
+ lineinfile:
+ path: /etc/ssh/sshd_config
+ regexp: '^#?{{ item.key }}'
+ line: '{{ item.key }} {{ item.value }}'
+ loop:
+ - key: PasswordAuthentication
+ value: 'no'
+ - key: PermitRootLogin
+ value: 'prohibit-password'
+ notify: reload sshd
+
 - name: Run SSH instance in management VRF
 when: interfaces | selectattr('vrf') | selectattr('vrf.name', '==', 'mgmt')
 block:
diff --git a/roles/proxmox-backup/handlers/main.yml b/roles/proxmox-backup/handlers/main.yml
index d20c9e9..1ea07da 100644
--- a/roles/proxmox-backup/handlers/main.yml
+++ b/roles/proxmox-backup/handlers/main.yml
@@ -22,3 +22,9 @@
 name: postfix
 state: reloaded
 when: "'handler' not in ansible_skip_tags"
+
+- name: reload sshd
+ service:
+ name: sshd
+ state: reloaded
+ when: "'handler' not in ansible_skip_tags"
diff --git a/roles/proxmox-backup/tasks/main.yml b/roles/proxmox-backup/tasks/main.yml
index b3f35b9..9f9db9e 100644
--- a/roles/proxmox-backup/tasks/main.yml
+++ b/roles/proxmox-backup/tasks/main.yml
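Review bot: The new handler in roles/debian/handlers/main.yml addresses the daemon as `name: sshd`, but on Debian the packaged unit is normally `ssh.service`, and `sshd` resolves only through the alias that exists while that unit is enabled. If the alias is missing the handler fails and the edited sshd_config is never picked up by the running daemon, so `name: ssh` is the safer spelling. The same handler is added verbatim in roles/proxmox-backup/handlers/main.yml, which is presumably also a Debian-based target and has the same exposure. A one-line comment on each copy, such as `# reloads OpenSSH after sshd_config edits`, would help keep the two from drifting.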
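Review bot: The `lineinfile` task in roles/debian/tasks/main.yml edits /etc/ssh/sshd_config in place without a syntax check, so a malformed result is only discovered when the `reload sshd` handler runs, and on a host reachable only over SSH that risks locking administrators out. Adding `validate: '/usr/sbin/sshd -t -f %s'` to the module arguments makes Ansible test the candidate file before it replaces the live one. The task name mentions only password authentication while the loop also sets `PermitRootLogin`; a name like `Harden sshd authentication settings` would describe both. The identical task added in roles/proxmox-backup/tasks/main.yml has the same gap. The management-VRF block that follows continues outside the hunk, so it cannot be seen here whether that SSH instance reads the same file or is covered by the handler.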
@@ -58,6 +58,18 @@
 mode: 0644
 notify: reload interfaces
+- name: Disable SSH password authentication
+ lineinfile:
+ path: /etc/ssh/sshd_config
+ regexp: '^#?{{ item.key }}'
+ line: '{{ item.key }} {{ item.value }}'
+ loop:
+ - key: PasswordAuthentication
+ value: 'no'
+ - key: PermitRootLogin
+ value: 'prohibit-password'
+ notify: reload sshd
+
 - name: Run SSH instance in management VRF
 when: interfaces | selectattr('vrf') | selectattr('vrf.name', '==', 'mgmt')
 block:
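Review bot: Rewriting the keyword in /etc/ssh/sshd_config does not guarantee the effective setting, because sshd keeps the first value it obtains for each keyword while `lineinfile` replaces only the last line matching `regexp`. If the target's file begins with an `Include /etc/ssh/sshd_config.d/*.conf` line, as recent Debian packaging does, a drop-in that sets `PasswordAuthentication yes` would still win, and so would an earlier uncommented duplicate in the main file. When no line matches at all, the directive is appended at end of file, where it would fall inside a trailing `Match` block if one exists. A follow-up task that checks the output of `sshd -T` for both keywords would confirm the hardening actually took effect. The same applies to the identical task in roles/debian/tasks/main.yml.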