diff --git a/ssh-server/handlers/main.yml b/ssh-server/handlers/main.yml index d796ac6c0fe039b43ca7f04771a71b02cdc26d0a..af768622e247bb4d9da2f9a77480b1d675cc5168 100644 --- a/ssh-server/handlers/main.yml +++ b/ssh-server/handlers/main.yml @@ -1,6 +1,6 @@ --- -- name: restart sshd +- name: restart ssh service: - name: ssh + name: sshd state: restarted diff --git a/ssh-server/tasks/main.yml b/ssh-server/tasks/main.yml index ef491fdfec4e73bb932dfc437aabb84a387af5a5..5b7362680bc29e4eac943861f1e84e1d48fb646f 100644 --- a/ssh-server/tasks/main.yml +++ b/ssh-server/tasks/main.yml @@ -2,7 +2,7 @@ # file: roles/common/tasks/sshd.yml - name: ensure sshd is installed - apt: + package: name: openssh-server state: present tags: @@ -17,7 +17,9 @@ mode: '0644' backup: true validate: '/usr/sbin/sshd -t -f %s' - when: ansible_distribution_major_version|int(default=99) < 11 + when: + - is_debian + - ansible_distribution_major_version|int(default=99) < 11 notify: - restart sshd tags: @@ -32,7 +34,9 @@ mode: '0644' backup: true validate: '/usr/sbin/sshd -t -f %s' - when: ansible_distribution_major_version|int(default=99) > 10 + when: + - is_debian + - ansible_distribution_major_version|int(default=99) > 10 notify: - restart sshd tags: @@ -47,7 +51,7 @@ mode: '0644' backup: true validate: '/usr/sbin/sshd -t -f %s' - when: ansible_distribution_major_version|int(default=99) > 10 + when: not is_debian or ansible_distribution_major_version|int(default=99) > 10 with_items: - authentication.conf - banner.conf @@ -55,7 +59,7 @@ - forwarding.conf - groups.conf notify: - - restart sshd + - restart ssh tags: - ssh @@ -67,7 +71,9 @@ group: root mode: '0644' backup: true - when: ansible_distribution_major_version|int(default=99) < 11 + when: + - is_debian + - ansible_distribution_major_version|int(default=99) < 11 tags: - ssh @@ -79,7 +85,9 @@ group: root mode: '0644' backup: true - when: ansible_distribution_major_version|int(default=99) > 10 + when: + - is_debian + - ansible_distribution_major_version|int(default=99) > 10 tags: - ssh @@ -91,7 +99,7 @@ group: root mode: '0644' backup: true - when: ansible_distribution_major_version|int(default=99) > 10 + when: not is_debian or ansible_distribution_major_version|int(default=99) > 10 with_items: - gssapi.conf - sshfp.conf @@ -105,8 +113,9 @@ owner: root group: root mode: '0644' + when: is_debian notify: - - restart sshd + - restart ssh tags: - ssh @@ -114,7 +123,9 @@ command: pam-auth-update --enable mkhomedir --force environment: DEBIAN_FRONTEND: noninteractive - when: ssh_mkhomedir + when: + - ssh_mkhomedir + - is_debian tags: - ssh - pam @@ -123,14 +134,16 @@ command: pam-auth-update --remove mkhomedir --force environment: DEBIAN_FRONTEND: noninteractive - when: not ssh_mkhomedir + when: + - not ssh_mkhomedir + - is_debian tags: - ssh - pam - name: ensure sshd is running and enabled service: - name: ssh + name: ssh{{ "d" if is_rhel }} state: started enabled: true tags: @@ -192,7 +205,7 @@ - root - name: ensure we fail2ban bad people - apt: + package: name: fail2ban state: present tags: @@ -202,6 +215,7 @@ apt: name: molly-guard state: present + when: is_debian tags: - molly - shell @@ -214,6 +228,7 @@ owner: root group: root mode: '0644' + when: is_debian tags: - molly - shell