add a role that disables both password and challenge response

Former-commit-id: f31dc3c9

add a role that disables both password and challenge response
Former-commit-id: f31dc3c9
1d0cd20c · Chris Hines · d07ddd7e · 1d0cd20c · 1d0cd20c · 1d0cd20c
Commit 1d0cd20c authored 6 years ago by Chris Hines
--- a/roles/ssh-nopassword-login/handlers/main.yml
+++ b/roles/ssh-nopassword-login/handlers/main.yml
+- name: "restart sshd"
+  service: name=sshd state=restarted
+  sudo: true
+  when: ansible_os_family == "RedHat"
+- name: "restart ssh"
+  service: name=ssh state=restarted
+  sudo: true
+  when: ansible_os_family == "Debian"
--- a/roles/ssh-nopassword-login/tasks/main.yml
+++ b/roles/ssh-nopassword-login/tasks/main.yml
+- name: "Disable Challenge Response"
+  lineinfile:
+  args:
+    dest: /etc/ssh/sshd_config
+    regexp: "ChallengeResponseAuthentication yes"
+    line: "ChallengeResponseAuthentication no" 
+    backrefs: yes
+  sudo: true
+  notify: 
+  - restart sshd
+  - restart ssh
+- name: "Disable Password"
+  lineinfile:
+  args:
+    dest: /etc/ssh/sshd_config
+    regexp: "PasswordAuthentication yes"
+    line: "PasswordAuthentication no"
+    backrefs: yes
+  sudo: true
+  notify: 
+  - restart sshd
+  - restart ssh
--- a/roles/ssh-nopassword-login/tasks/main.yml~
+++ b/roles/ssh-nopassword-login/tasks/main.yml~
+- name: "Disable Challenge Response"
+  lineinfile:
+  args:
+    dest: /etc/ssh/sshd_config
+    regexp: "ChallengeResponseAuthentication yes"
+    line: "ChallengeResponseAuthentication no" 
+    backrefs: yes
+  sudo: true
+  notify: 
+  - restart sshd
+  - restart ssh
+- name: "Disable Password"
+  lineinfile:
+  args:
+    dest: /etc/ssh/sshd_config
+    regexp: "PasswordAuthentication yes"
+    line: "PasswordAuthentication no"
+    backrefs: yes
+  sudo: true
+  notify: 
+  - restart sshd
+  - restart ssh