From: David Galloway Date: Tue, 21 Feb 2017 22:43:26 +0000 (-0500) Subject: public_facing: Disable PasswordAuthentication in sshd config X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=de2f88e4fc79eac738a72020f27b322a78cf7958;p=ceph-cm-ansible.git public_facing: Disable PasswordAuthentication in sshd config Signed-off-by: David Galloway --- diff --git a/roles/public_facing/handlers/main.yml b/roles/public_facing/handlers/main.yml index 99bcd684..d548b28c 100644 --- a/roles/public_facing/handlers/main.yml +++ b/roles/public_facing/handlers/main.yml @@ -10,3 +10,9 @@ service: name: fail2ban state: reloaded + +# Restart sshd +- name: restart sshd + service: + name: sshd + state: restarted diff --git a/roles/public_facing/tasks/main.yml b/roles/public_facing/tasks/main.yml index 7be38dbb..6e215de4 100644 --- a/roles/public_facing/tasks/main.yml +++ b/roles/public_facing/tasks/main.yml @@ -13,6 +13,14 @@ - always when: use_fail2ban == true +- name: Disable password authentication + lineinfile: + dest: /etc/ssh/sshd_config + regexp: "^PasswordAuthentication" + line: "PasswordAuthentication no" + state: present + notify: restart sshd + ## Individual host tasks # local_action in the task after this causes 'ansible_host' to change to 'localhost'
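Review bot: The new `restart sshd` handler hard-codes `name: sshd`, which is the service name on RHEL-family hosts. Debian and Ubuntu ship the service as `ssh`, and depending on the init system the `sshd` name may not resolve there. If any public-facing host is Debian-based (not visible from this hunk), the task would rewrite sshd_config but the handler would fail, so the running daemon keeps accepting passwords until something else restarts it. Taking the name from a per-distribution role variable (a hypothetical `name: "{{ sshd_service_name }}"`) would cover both families. `state: reloaded` is also enough for sshd to re-read its configuration.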
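Review bot: The `regexp: "^PasswordAuthentication"` in the new task matches only an uncommented directive at column 0 in exactly that case, so on a host where the directive is commented out, indented or spelled differently, `lineinfile` appends `PasswordAuthentication no` at the end of the file. sshd keeps the first value it obtains for a keyword and treats everything after a `Match` line as conditional, so an appended line can be overridden by an earlier setting or apply only inside the last Match block. I would add `insertbefore: '^Match'` and `validate: '/usr/sbin/sshd -t -f %s'` to the task, and confirm the effective value on a host with `sshd -T`. Password prompts can also still be served through keyboard-interactive/PAM, so `ChallengeResponseAuthentication no` deserves the same treatment unless the role enforces it elsewhere (not visible in this hunk).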