ansible-collection-wip/roles/system_baseline/tasks/sshd.yml

---
- name: sshd PermitRootLogin=no
  lineinfile:
    dest: "/etc/ssh/sshd_config"
    regexp: "^#?\\w*PermitRootLogin"
    line: "PermitRootLogin no"
    state: present
  become: true
  notify: "reload sshd"

- name: sshd PasswordAuthentication=no
  lineinfile:
    dest: "/etc/ssh/sshd_config"
    regexp: "^#?\\w*PasswordAuthentication"
    line: "PasswordAuthentication no"
    state: present
  become: true
  notify: "reload sshd"

- name: retrieve ssh host key
  fetch:
    src: "/etc/ssh/ssh_host_ed25519_key.pub"
    dest: "files/ssh_host_keys/{{ inventory_hostname }}_ed25519.pub"
    flat: yes
feat: initial commit 2025-06-02 14:55:56 +01:00			`---`
			`- name: sshd PermitRootLogin=no`
			`lineinfile:`
			`dest: "/etc/ssh/sshd_config"`
			`regexp: "^#?\\w*PermitRootLogin"`
			`line: "PermitRootLogin no"`
			`state: present`
			`become: true`
			`notify: "reload sshd"`

			`- name: sshd PasswordAuthentication=no`
			`lineinfile:`
			`dest: "/etc/ssh/sshd_config"`
			`regexp: "^#?\\w*PasswordAuthentication"`
			`line: "PasswordAuthentication no"`
			`state: present`
			`become: true`
			`notify: "reload sshd"`

			`- name: retrieve ssh host key`
			`fetch:`
			`src: "/etc/ssh/ssh_host_ed25519_key.pub"`
			`dest: "files/ssh_host_keys/{{ inventory_hostname }}_ed25519.pub"`
			`flat: yes`