proxmox: disable password SSH authentication
Apparently it’s not needed for cluster operations.
This commit is contained in:
parent
c585070edc
commit
e5b570ddad
|
|
@ -12,6 +12,12 @@
|
||||||
state: reloaded
|
state: reloaded
|
||||||
when: "'handler' not in ansible_skip_tags"
|
when: "'handler' not in ansible_skip_tags"
|
||||||
|
|
||||||
|
- name: reload sshd
|
||||||
|
service:
|
||||||
|
name: sshd
|
||||||
|
state: reloaded
|
||||||
|
when: "'handler' not in ansible_skip_tags"
|
||||||
|
|
||||||
- name: update package cache
|
- name: update package cache
|
||||||
package:
|
package:
|
||||||
update_cache: yes
|
update_cache: yes
|
||||||
|
|
|
||||||
|
|
@ -18,6 +18,18 @@
|
||||||
src: resolv.conf.j2
|
src: resolv.conf.j2
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
|
||||||
|
- name: Disable SSH password authentication
|
||||||
|
lineinfile:
|
||||||
|
path: /etc/ssh/sshd_config
|
||||||
|
regexp: '^#?{{ item.key }}'
|
||||||
|
line: '{{ item.key }} {{ item.value }}'
|
||||||
|
loop:
|
||||||
|
- key: PasswordAuthentication
|
||||||
|
value: 'no'
|
||||||
|
- key: PermitRootLogin
|
||||||
|
value: 'prohibit-password'
|
||||||
|
notify: reload sshd
|
||||||
|
|
||||||
- include_tasks: network.yml
|
- include_tasks: network.yml
|
||||||
|
|
||||||
- name: Disable enterprise repositories
|
- name: Disable enterprise repositories
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue