Select Page

– name: modify sshd_config on remote machine
hosts: myremotehost
become: yes
become_method: sudo

vars:
sshdconfig: /etc/ssh/sshd_config

tasks:
– name: add port 2255
lineinfile: dest="{{ sshdconfig }}" regexp="^Port 22" line="Port 2255" insertafter="^# What " state=present

– name: add port 26
lineinfile: dest="{{ sshdconfig }}" regexp="^Port 26" line="Port 26" insertafter="^Port 2255" state=present

– name: unset UsePAM yes
lineinfile: dest="{{ sshdconfig }}" regexp="^[#]*UsePAM yes" line="#UsePAM yes" state=present

– name: set UsePAM no
lineinfile: dest="{{ sshdconfig }}" insertafter="^#UsePAM yes" line="UsePAM no" state=present

– name: unset existing PermitRootLogin
lineinfile: dest="{{ sshdconfig }}" regexp="^[#]*PermitRootLogin without-password" line="#PermitRootLogin without-password" state=present

– name: set PermitRootLogin yes
lineinfile: dest="{{ sshdconfig }}" insertafter="^#PermitRootLogin without-password" line="PermitRootLogin yes" state=present

– name: add ssh users with password authentication
blockinfile:
dest: "{{ sshdconfig }}"
state: present
marker: "# {mark} ssh user {{item}} – inserted by ansible – do not delete these marking lines"
block: |

Match user {{item}}
ChrootDirectory %h
AllowTCPForwarding no
X11Forwarding no
ForceCommand internal-sftp
PasswordAuthentication yes

with_items:
– ….list of users…..

– name: reload ssh service
service: name=ssh state=reloaded