Select Git revision
repo_packages.sh
Code owners
Assign users and groups as approvers for specific file changes. Learn more.
main.yml 2.94 KiB
---
# file: roles/common/tasks/sshd.yml
- name: ensure sshd is installed
apt:
name: openssh-server
state: present
tags:
- ssh
- name: ensure sshd is configured
template:
src: sshd_config.j2
dest: /etc/ssh/sshd_config
owner: root
group: root
mode: '0644'
backup: true
validate: '/usr/sbin/sshd -t -f %s'
notify:
- restart sshd
tags:
- ssh
- name: ensure ssh is configured
template:
src: ssh_config.j2
dest: /etc/ssh/ssh_config
owner: root
group: root
mode: '0644'
backup: true
when: debian_version != "jessie"
tags:
- ssh
- name: ensure standard pam configuration for sshd
copy:
src: pam/sshd
dest: /etc/pam.d/sshd
owner: root
group: root
mode: '0644'
notify:
- restart sshd
tags:
- ssh
- name: ensure pam creates a home directory
command: pam-auth-update --enable mkhomedir --force
environment:
DEBIAN_FRONTEND: noninteractive
when: ssh_mkhomedir
tags:
- ssh
- pam
- name: ensure pam doesn't create a home directory
command: pam-auth-update --remove mkhomedir --force
environment:
DEBIAN_FRONTEND: noninteractive
when: not ssh_mkhomedir
tags:
- ssh
- pam
- name: ensure sshd is running and enabled
service:
name: ssh
state: started