Skip to content
Snippets Groups Projects
Commit c8351162 authored by Thomas Schneider's avatar Thomas Schneider
Browse files

ssh-server: RHEL support

parent 724c16f0
Branches
No related tags found
No related merge requests found
--- ---
- name: restart sshd - name: restart ssh
service: service:
name: ssh name: sshd
state: restarted state: restarted
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
# file: roles/common/tasks/sshd.yml # file: roles/common/tasks/sshd.yml
- name: ensure sshd is installed - name: ensure sshd is installed
apt: package:
name: openssh-server name: openssh-server
state: present state: present
tags: tags:
...@@ -17,7 +17,9 @@ ...@@ -17,7 +17,9 @@
mode: '0644' mode: '0644'
backup: true backup: true
validate: '/usr/sbin/sshd -t -f %s' validate: '/usr/sbin/sshd -t -f %s'
when: ansible_distribution_major_version|int(default=99) < 11 when:
- is_debian
- ansible_distribution_major_version|int(default=99) < 11
notify: notify:
- restart sshd - restart sshd
tags: tags:
...@@ -32,7 +34,9 @@ ...@@ -32,7 +34,9 @@
mode: '0644' mode: '0644'
backup: true backup: true
validate: '/usr/sbin/sshd -t -f %s' validate: '/usr/sbin/sshd -t -f %s'
when: ansible_distribution_major_version|int(default=99) > 10 when:
- is_debian
- ansible_distribution_major_version|int(default=99) > 10
notify: notify:
- restart sshd - restart sshd
tags: tags:
...@@ -47,7 +51,7 @@ ...@@ -47,7 +51,7 @@
mode: '0644' mode: '0644'
backup: true backup: true
validate: '/usr/sbin/sshd -t -f %s' validate: '/usr/sbin/sshd -t -f %s'
when: ansible_distribution_major_version|int(default=99) > 10 when: not is_debian or ansible_distribution_major_version|int(default=99) > 10
with_items: with_items:
- authentication.conf - authentication.conf
- banner.conf - banner.conf
...@@ -55,7 +59,7 @@ ...@@ -55,7 +59,7 @@
- forwarding.conf - forwarding.conf
- groups.conf - groups.conf
notify: notify:
- restart sshd - restart ssh
tags: tags:
- ssh - ssh
...@@ -67,7 +71,9 @@ ...@@ -67,7 +71,9 @@
group: root group: root
mode: '0644' mode: '0644'
backup: true backup: true
when: ansible_distribution_major_version|int(default=99) < 11 when:
- is_debian
- ansible_distribution_major_version|int(default=99) < 11
tags: tags:
- ssh - ssh
...@@ -79,7 +85,9 @@ ...@@ -79,7 +85,9 @@
group: root group: root
mode: '0644' mode: '0644'
backup: true backup: true
when: ansible_distribution_major_version|int(default=99) > 10 when:
- is_debian
- ansible_distribution_major_version|int(default=99) > 10
tags: tags:
- ssh - ssh
...@@ -91,7 +99,7 @@ ...@@ -91,7 +99,7 @@
group: root group: root
mode: '0644' mode: '0644'
backup: true backup: true
when: ansible_distribution_major_version|int(default=99) > 10 when: not is_debian or ansible_distribution_major_version|int(default=99) > 10
with_items: with_items:
- gssapi.conf - gssapi.conf
- sshfp.conf - sshfp.conf
...@@ -105,8 +113,9 @@ ...@@ -105,8 +113,9 @@
owner: root owner: root
group: root group: root
mode: '0644' mode: '0644'
when: is_debian
notify: notify:
- restart sshd - restart ssh
tags: tags:
- ssh - ssh
...@@ -114,7 +123,9 @@ ...@@ -114,7 +123,9 @@
command: pam-auth-update --enable mkhomedir --force command: pam-auth-update --enable mkhomedir --force
environment: environment:
DEBIAN_FRONTEND: noninteractive DEBIAN_FRONTEND: noninteractive
when: ssh_mkhomedir when:
- ssh_mkhomedir
- is_debian
tags: tags:
- ssh - ssh
- pam - pam
...@@ -123,14 +134,16 @@ ...@@ -123,14 +134,16 @@
command: pam-auth-update --remove mkhomedir --force command: pam-auth-update --remove mkhomedir --force
environment: environment:
DEBIAN_FRONTEND: noninteractive DEBIAN_FRONTEND: noninteractive
when: not ssh_mkhomedir when:
- not ssh_mkhomedir
- is_debian
tags: tags:
- ssh - ssh
- pam - pam
- name: ensure sshd is running and enabled - name: ensure sshd is running and enabled
service: service:
name: ssh name: ssh{{ "d" if is_rhel }}
state: started state: started
enabled: true enabled: true
tags: tags:
...@@ -192,7 +205,7 @@ ...@@ -192,7 +205,7 @@
- root - root
- name: ensure we fail2ban bad people - name: ensure we fail2ban bad people
apt: package:
name: fail2ban name: fail2ban
state: present state: present
tags: tags:
...@@ -202,6 +215,7 @@ ...@@ -202,6 +215,7 @@
apt: apt:
name: molly-guard name: molly-guard
state: present state: present
when: is_debian
tags: tags:
- molly - molly
- shell - shell
...@@ -214,6 +228,7 @@ ...@@ -214,6 +228,7 @@
owner: root owner: root
group: root group: root
mode: '0644' mode: '0644'
when: is_debian
tags: tags:
- molly - molly
- shell - shell
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment