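---
# SSH: install the Vault-issued user CA, write a minimal sshd_config and make
# sure sshd runs with it. Every task needs become because it touches
# root-owned files under /etc/ssh.

- name: Fetch the SSH user CA public key from Vault
  ansible.builtin.get_url:
    url: https://vault.ducoterra.net/v1/ssh-client-signer/public_key
    dest: /etc/ssh/trusted-user-ca-keys.pem
    owner: root
    group: root
    # A public key needs no confidentiality, but nothing except root should
    # be able to write a trust anchor (the previous '0660' left group-write on).
    mode: '0644'
    # get_url defaults to force=false, i.e. it never re-downloads once dest
    # exists. This key is the trust anchor for every certificate login, so a
    # rotated CA in Vault must actually reach the hosts.
    force: true
    # The TLS chain to Vault (validate_certs defaults to true) is the only
    # thing authenticating this key; if the CA is static, pin it with
    # `checksum:` as well.
  become: true
  register: trusted_ca

- name: Write sshd_config
  ansible.builtin.copy:
    dest: /etc/ssh/sshd_config
    owner: root
    group: root
    mode: '0644'
    # Refuse to install a config sshd cannot parse; otherwise the restart
    # below would lock every operator out of the host.
    validate: /usr/sbin/sshd -t -f %s
    content: |
      AuthorizedKeysFile .ssh/authorized_keys
      PasswordAuthentication no
      KbdInteractiveAuthentication no
      UsePAM yes
      Subsystem sftp internal-sftp
      # PAM prints the MOTD. Comment kept on its own line: not every OpenSSH
      # release accepts trailing comments after a directive.
      PrintMotd no
      # Without AuthorizedPrincipalsFile, sshd requires a certificate's
      # principals to include the exact login username (sshd_config(5)).
      TrustedUserCAKeys /etc/ssh/trusted-user-ca-keys.pem
  become: true
  register: sshd_config

- name: Ensure sshd is enabled and running
  ansible.builtin.systemd:
    name: sshd
    state: started
    enabled: true
    daemon_reload: true
  become: true

- name: Restart sshd when its config or the trusted CA changed
  ansible.builtin.systemd:
    name: sshd
    state: restarted
  become: true
  # Keep the play idempotent: the original restarted sshd on every run.
  when: trusted_ca.changed or sshd_config.changed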