proxmox: disable password SSH authentication

Apparently it’s not needed for cluster operations.

roles/proxmox/handlers/main.yml

@@ -12,6 +12,12 @@
     state: reloaded
   when: "'handler' not in ansible_skip_tags"
 
+- name: reload sshd
+  service:
+    name: sshd
+    state: reloaded
+  when: "'handler' not in ansible_skip_tags"
+
 - name: update package cache
   package:
     update_cache: yes

roles/proxmox/tasks/main.yml

@@ -18,6 +18,18 @@
     src: resolv.conf.j2
     mode: 0644
 
+- name: Disable SSH password authentication
+  lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: '^#?{{ item.key }}'
+    line: '{{ item.key }} {{ item.value }}'
+  loop:
+    - key: PasswordAuthentication
+      value: 'no'
+    - key: PermitRootLogin
+      value: 'prohibit-password'
+  notify: reload sshd
+
 - include_tasks: network.yml
 
 - name: Disable enterprise repositories