From 5f0771d68b4fc99c68c76e1d86ab18d185b46319 Mon Sep 17 00:00:00 2001
From: Thomas Schneider <thomas@fsmpi.rwth-aachen.de>
Date: Sun, 11 Jun 2023 12:51:28 +0200
Subject: [PATCH] ssh-server: RHEL support

---
 ssh-server/handlers/main.yml |  4 ++--
 ssh-server/tasks/main.yml    | 41 ++++++++++++++++++++++++------------
 2 files changed, 30 insertions(+), 15 deletions(-)

diff --git a/ssh-server/handlers/main.yml b/ssh-server/handlers/main.yml
index d796ac6..af76862 100644
--- a/ssh-server/handlers/main.yml
+++ b/ssh-server/handlers/main.yml
@@ -1,6 +1,6 @@
 ---
 
-- name: restart sshd
+- name: restart ssh
   service:
-    name: ssh
+    name: sshd
     state: restarted
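Review bot: Renaming the handler to `restart ssh` leaves the unchanged `notify: - restart sshd` entries in the two sshd_config template tasks (the -17,7 and -32,7 hunks of tasks/main.yml) pointing at a name this file no longer defines. Unless a handler of that name exists elsewhere, a changed sshd_config on Debian would end in a missing-handler error, or in no restart at all if that error is disabled, and the new configuration would not take effect. Either keep the old handler name or update those two notify entries in the same commit. The service is also now `sshd` unconditionally here, while the "ensure sshd is running and enabled" task picks the unit name per distribution; using one expression in both places, e.g. `name: '{{ "sshd" if is_rhel else "ssh" }}'`, keeps them consistent.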
diff --git a/ssh-server/tasks/main.yml b/ssh-server/tasks/main.yml
index ef491fd..5b73626 100644
--- a/ssh-server/tasks/main.yml
+++ b/ssh-server/tasks/main.yml
@@ -2,7 +2,7 @@
 # file: roles/common/tasks/sshd.yml
 
 - name: ensure sshd is installed
-  apt:
+  package:
     name: openssh-server
     state: present
   tags:
@@ -17,7 +17,9 @@
     mode: '0644'
     backup: true
     validate: '/usr/sbin/sshd -t -f %s'
-  when: ansible_distribution_major_version|int(default=99) < 11
+  when:
+    - is_debian
+    - ansible_distribution_major_version|int(default=99) < 11
   notify:
     - restart sshd
   tags:
@@ -32,7 +34,9 @@
     mode: '0644'
     backup: true
     validate: '/usr/sbin/sshd -t -f %s'
-  when: ansible_distribution_major_version|int(default=99) > 10
+  when:
+    - is_debian
+    - ansible_distribution_major_version|int(default=99) > 10
   notify:
     - restart sshd
   tags:
@@ -47,7 +51,7 @@
     mode: '0644'
     backup: true
     validate: '/usr/sbin/sshd -t -f %s'
-  when: ansible_distribution_major_version|int(default=99) > 10
+  when: not is_debian or ansible_distribution_major_version|int(default=99) > 10
   with_items:
     - authentication.conf
     - banner.conf
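Review bot: `not is_debian` on this drop-in task matches every non-Debian host, not only the releases whose sshd actually reads a `sshd_config.d` directory. The `Include` directive in sshd_config needs OpenSSH 8.2 or later, and the main sshd_config template tasks are now Debian-only, so on an older RHEL-family host these hardening snippets would be written but never loaded. The `validate` step would still pass, because it only parses the snippet itself. Consider gating on the release explicitly, e.g. `when: (is_debian and ansible_distribution_major_version|int(default=99) > 10) or (is_rhel and ansible_distribution_major_version|int(default=99) > 8)` (threshold to be confirmed against the OpenSSH version each release ships), or assert that the main config contains the Include. The same condition is reused in the -91,7 hunk, and this task starts above the hunk.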
@@ -55,7 +59,7 @@
     - forwarding.conf
     - groups.conf
   notify:
-    - restart sshd
+    - restart ssh
   tags:
     - ssh
 
@@ -67,7 +71,9 @@
     group: root
     mode: '0644'
     backup: true
-  when: ansible_distribution_major_version|int(default=99) < 11
+  when:
+    - is_debian
+    - ansible_distribution_major_version|int(default=99) < 11
   tags:
     - ssh
 
@@ -79,7 +85,9 @@
     group: root
     mode: '0644'
     backup: true
-  when: ansible_distribution_major_version|int(default=99) > 10
+  when:
+    - is_debian
+    - ansible_distribution_major_version|int(default=99) > 10
   tags:
     - ssh
 
@@ -91,7 +99,7 @@
     group: root
     mode: '0644'
     backup: true
-  when: ansible_distribution_major_version|int(default=99) > 10
+  when: not is_debian or ansible_distribution_major_version|int(default=99) > 10
   with_items:
     - gssapi.conf
     - sshfp.conf
@@ -105,8 +113,9 @@
     owner: root
     group: root
     mode: '0644'
+  when: is_debian
   notify:
-    - restart sshd
+    - restart ssh
   tags:
     - ssh
 
@@ -114,7 +123,9 @@
   command: pam-auth-update --enable mkhomedir --force
   environment:
     DEBIAN_FRONTEND: noninteractive
-  when: ssh_mkhomedir
+  when:
+    - ssh_mkhomedir
+    - is_debian
   tags:
     - ssh
     - pam
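Review bot: Gating this `pam-auth-update` task (and the `--remove` one in the next hunk) on `is_debian` means `ssh_mkhomedir` has no effect on RHEL, as far as the visible tasks show. That is not documented, so an operator who sets `ssh_mkhomedir: true` for a RHEL host would get no home-directory creation and no hint why. A comment above both tasks, e.g. `# Debian only: on RHEL mkhomedir is not managed by this role`, or a RHEL-side equivalent task, would make the gap explicit. The task name line is outside this hunk.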
@@ -123,14 +134,16 @@
   command: pam-auth-update --remove mkhomedir --force
   environment:
     DEBIAN_FRONTEND: noninteractive
-  when: not ssh_mkhomedir
+  when:
+    - not ssh_mkhomedir
+    - is_debian
   tags:
     - ssh
     - pam
 
 - name: ensure sshd is running and enabled
   service:
-    name: ssh
+    name: ssh{{ "d" if is_rhel }}
     state: started
     enabled: true
   tags:
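Review bot: The inline `if` in `name: ssh{{ "d" if is_rhel }}` has no `else`, so on a non-RHEL host the expression evaluates to Jinja's undefined value and the rendered unit name depends on how the installed Ansible and Jinja versions treat undefined in a template. Spelling out both branches and quoting the scalar avoids that: `name: '{{ "sshd" if is_rhel else "ssh" }}'`. The expression also assumes `is_rhel` is defined for every host this role runs on, which is not visible here. The task's `tags:` list continues outside the hunk.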
@@ -192,7 +205,7 @@
     - root
 
 - name: ensure we fail2ban bad people
-  apt:
+  package:
     name: fail2ban
     state: present
   tags:
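Review bot: Switching to `package:` makes this task run on RHEL, but fail2ban is not in the base RHEL repositories (it is packaged in EPEL), so the install would fail unless that repository is enabled before this role runs. In addition, the Debian package enables an sshd jail by default while the EPEL package, as far as I know, enables none. Installing it alone would therefore not give RHEL hosts brute-force protection unless a jail file is deployed and the service is enabled elsewhere in the role. A comment such as `# RHEL: requires EPEL; sshd jail must be enabled via jail.d` above the task, or an explicit jail template, would make this visible. The task's `tags:` list continues outside the hunk.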
@@ -202,6 +215,7 @@
   apt:
     name: molly-guard
     state: present
+  when: is_debian
   tags:
     - molly
     - shell
@@ -214,6 +228,7 @@
     owner: root
     group: root
     mode: '0644'
+  when: is_debian
   tags:
     - molly
     - shell
-- 
GitLab