57 lines
1.3 KiB
YAML
57 lines
1.3 KiB
YAML
---
|
|
- name: install ssh configuration files
|
|
template:
|
|
src: "{{ item }}.j2"
|
|
dest: "/{{ item }}"
|
|
mode: 0644
|
|
notify:
|
|
- restart ssh
|
|
loop:
|
|
- etc/ssh/ssh_config
|
|
- etc/ssh/sshd_config
|
|
- etc/ssh/shosts.equiv
|
|
- etc/ssh/ssh_known_hosts
|
|
- etc/pam.d/sshd
|
|
|
|
- name: clean up unwanted ssh host keys (DSA and ECDSA)
|
|
file:
|
|
name: "{{ item }}"
|
|
state: absent
|
|
notify:
|
|
- restart ssh
|
|
loop:
|
|
- /etc/ssh/ssh_host_dsa_key
|
|
- /etc/ssh/ssh_host_dsa_key.pub
|
|
- /etc/ssh/ssh_host_ecdsa_key
|
|
- /etc/ssh/ssh_host_ecdsa_key.pub
|
|
|
|
- name: correct permissions on host keys
|
|
file:
|
|
dest: "{{ item.name }}"
|
|
mode: "{{ item.mode }}"
|
|
loop:
|
|
- name: /etc/ssh/ssh_host_rsa_key
|
|
mode: "0600"
|
|
- name: /etc/ssh/ssh_host_rsa_key.pub
|
|
mode: "0644"
|
|
- name: /etc/ssh/ssh_host_ed25519_key
|
|
mode: "0600"
|
|
- name: /etc/ssh/ssh_host_ed25519_key.pub
|
|
mode: "0644"
|
|
|
|
- name: install fail2ban configuration files
|
|
template:
|
|
src: "{{ item }}.j2"
|
|
dest: "/{{ item }}"
|
|
mode: 0644
|
|
notify:
|
|
- restart fail2ban
|
|
loop:
|
|
- etc/fail2ban/action.d/route.conf
|
|
- etc/fail2ban/filter.d/sshd.conf
|
|
- etc/fail2ban/jail.d/global.local
|
|
- etc/fail2ban/jail.d/sshd.conf
|
|
- etc/fail2ban/jail.d/sshd.local
|
|
|
|
- meta: flush_handlers
|