From 91c91f2360ebdc53dd0697b7621d20b0762fa113 Mon Sep 17 00:00:00 2001 From: Andrea Cimbalo Date: Sun, 2 Jul 2017 23:53:56 +0200 Subject: [PATCH] Remove ssh root login with password --- roles/ssh_server/tasks/main.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/roles/ssh_server/tasks/main.yaml b/roles/ssh_server/tasks/main.yaml index 1902679..a182a17 100644 --- a/roles/ssh_server/tasks/main.yaml +++ b/roles/ssh_server/tasks/main.yaml @@ -111,6 +111,13 @@ regexp: '^TrustedUserCAKeys *' notify: restart ssh +- name: permit root login only with certificate + lineinfile: + line: 'PermitRootLogin without-password' + dest: '/etc/ssh/sshd_config' + regexp: '^PermitRootLogin *' + notify: restart ssh + - meta: flush_handlers - name: "waiting for ssh on {{ ansible_docker_extra_args | default(inventory_hostname) }} to start"