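---
# Bootstrap play: creates the 'baadal' account with passwordless sudo,
# installs an SSH public key for it, then disables root login, password
# authentication and GSSAPI authentication in sshd_config. The 'restart ssh'
# handler runs only when one of the sshd_config tasks reports a change.
#
# Tasks run in order and a failed task stops the play for that host, so the
# key is in place before password authentication is switched off.
- name: configure a user
  hosts: all
  # 'sudo: yes' was the pre-1.9 spelling and is rejected by current Ansible;
  # 'become' is the supported equivalent.
  become: true
  gather_facts: false
  vars:
    # created with: openssl passwd -1 "baadal"
    # NOTE(review): the comment above discloses the plaintext, and '-1'
    # produces MD5-crypt, so this credential should be treated as known.
    # Rotate it, generate the replacement as a SHA-512 crypt hash (e.g. the
    # password_hash('sha512') filter) and keep it in Ansible Vault rather
    # than in the playbook. Quoted so the hash is always read as a string.
    baadal_password: '$1$Ygfc1YR3$GV1GVKFZwSZiiHsa3DAo91'
  tasks:
    - name: Add user baadal
      # NOTE(review): membership of the 'root' group is in addition to the
      # sudoers entry below; confirm it is needed, since it grants access to
      # every root-group-readable/writable file even without sudo.
      user:
        name: baadal
        password: "{{ baadal_password }}"
        shell: /bin/bash
        groups: root
        append: true

    - name: Add user baadal to sudoers
      # NOTE(review): NOPASSWD: ALL makes possession of the SSH key
      # equivalent to root; narrow the command list if the role allows it.
      lineinfile:
        dest: /etc/sudoers
        regexp: '^baadal ALL'
        line: 'baadal ALL=(ALL) NOPASSWD: ALL'
        state: present
        # Syntax-check the candidate file before it replaces /etc/sudoers;
        # a malformed sudoers file disables sudo for every account.
        validate: '/usr/sbin/visudo -cf %s'

    - name: Add SSH public key to user remote
      authorized_key:
        user: baadal
        # Path is resolved on the control machine, not on the target host.
        key: "{{ lookup('file', '../certs/nilesh.pub') }}"

    # The three sshd_config edits below match only an uncommented directive.
    # When none exists, lineinfile appends the line at the end of the file;
    # if the file ends with a Match block the setting would apply only
    # inside that block - verify on the target image.
    - name: Disallow root SSH access
      lineinfile:
        dest: /etc/ssh/sshd_config
        regexp: '^PermitRootLogin'
        line: 'PermitRootLogin no'
        state: present
        # Reject the edit if sshd cannot parse the resulting configuration,
        # so the restart handler never runs against a broken file.
        validate: '/usr/sbin/sshd -t -f %s'
      notify:
        - restart ssh

    - name: Disallow SSH password authentication
      lineinfile:
        dest: /etc/ssh/sshd_config
        regexp: '^PasswordAuthentication'
        line: 'PasswordAuthentication no'
        state: present
        validate: '/usr/sbin/sshd -t -f %s'
      notify:
        - restart ssh

    - name: Disallow SSH GSS API authentication
      lineinfile:
        dest: /etc/ssh/sshd_config
        regexp: '^GSSAPIAuthentication'
        line: 'GSSAPIAuthentication no'
        state: present
        validate: '/usr/sbin/sshd -t -f %s'
      notify:
        - restart ssh

  handlers:
    - name: restart ssh
      service:
        name: ssh
        state: restarted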