18 lines
533 B
YAML
18 lines
533 B
YAML
---
|
|
|
|
- name: disable root login
|
|
replace:
|
|
dest: /etc/ssh/sshd_config
|
|
regexp: '^PermitRootLogin (yes|without-password|prohibit-password)'
|
|
replace: "PermitRootLogin no"
|
|
notify: reload sshd
|
|
|
|
### Disabled : it seems useless and too dangerous for now
|
|
# - name: remove root from AllowUsers directive
|
|
# replace:
|
|
# dest: /etc/ssh/sshd_config
|
|
# regexp: '^(AllowUsers ((?!root(?:@\S+)?).)*)(\sroot(?:@\S+)?|root(?:@\S+)?\s)(.*)$'
|
|
# replace: '\1\4'
|
|
# validate: '/usr/sbin/sshd -T -f %s'
|
|
# notify: reload sshd
|