public_facing: Disable PasswordAuthentication in sshd config

author David Galloway <dgallowa@redhat.com>

Tue, 21 Feb 2017 22:43:26 +0000 (17:43 -0500)

committer David Galloway <dgallowa@redhat.com>

Wed, 1 Mar 2017 23:39:34 +0000 (18:39 -0500)
author David Galloway <dgallowa@redhat.com>
Tue, 21 Feb 2017 22:43:26 +0000 (17:43 -0500)
committer David Galloway <dgallowa@redhat.com>
Wed, 1 Mar 2017 23:39:34 +0000 (18:39 -0500)
diff --git a/roles/public_facing/handlers/main.yml b/roles/public_facing/handlers/main.yml

index 99bcd684823a2413de71ff9bb66701cb775b78d8..d548b28c530e7f20d8bf77417402491a34758a9a 100644 (file)
--- a/roles/public_facing/handlers/main.yml
+++ b/roles/public_facing/handlers/main.yml
@@ -10,3 +10,9 @@
    service:
      name: fail2ban
      state: reloaded
+
+# Restart sshd
+- name: restart sshd
+  service:
+    name: sshd
+    state: restarted
diff --git a/roles/public_facing/tasks/main.yml b/roles/public_facing/tasks/main.yml

index 7be38dbb1ffe9f6da65143dd190cd96d8c1c98db..6e215de4819688de22fde76cd4843e2f104fc785 100644 (file)
--- a/roles/public_facing/tasks/main.yml
+++ b/roles/public_facing/tasks/main.yml
@@ -13,6 +13,14 @@
      - always
    when: use_fail2ban == true
  
+- name: Disable password authentication
+  lineinfile:
+    dest: /etc/ssh/sshd_config
+    regexp: "^PasswordAuthentication"
+    line: "PasswordAuthentication no"
+    state: present
+  notify: restart sshd
+
  ## Individual host tasks
  
  # local_action in the task after this causes 'ansible_host' to change to 'localhost'
author	David Galloway <dgallowa@redhat.com>
	Tue, 21 Feb 2017 22:43:26 +0000 (17:43 -0500)
committer	David Galloway <dgallowa@redhat.com>
	Wed, 1 Mar 2017 23:39:34 +0000 (18:39 -0500)
roles/public_facing/handlers/main.yml		patch \| blob \| history
roles/public_facing/tasks/main.yml		patch \| blob \| history