25 lines
527 B
YAML
25 lines
527 B
YAML
---
|
|
- name: Disable root authentication
|
|
replace:
|
|
path: /etc/ssh/sshd_config
|
|
regexp: '#PermitRootLogin prohibit-password'
|
|
replace: 'PermitRootLogin no'
|
|
|
|
- name: Disable X11 forwarding
|
|
replace:
|
|
path: /etc/ssh/sshd_config
|
|
regexp: 'X11Forwarding yes'
|
|
replace: 'X11Forwarding no'
|
|
|
|
- name: Explicitly only listen on ipv4
|
|
replace:
|
|
path: /etc/ssh/sshd_config
|
|
regexp: '#AddressFamily any'
|
|
replace: 'AddressFamily inet'
|
|
|
|
- name: "Restart sshd"
|
|
service:
|
|
name: sshd
|
|
state: restarted
|
|
...
|