first commit

roles/defaults/tasks/ssh-config.yml

@@ -0,0 +1,23 @@
+---
+- name: Add Authorized Keys
+  ansible.posix.authorized_key:
+    user: "{{ user['name'] }}"
+    state: present
+    key: "{{ lookup('file', 'simon_win11.pub') }}"
+
+- name: Harden SSH Config
+  ansible.builtin.lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: "{{ item.regexp }}"
+    line: "{{ item.line }}"
+    state: present
+    validate: 'sshd -T -f %s'
+    mode: '0644'
+  with_items:
+    - regexp: "^PasswordAuthentication"
+      line: "PasswordAuthentication no"
+    - regexp: "^Port"
+      line: "Port {{ ssh_port }}"
+    - regexp: "^PermitRootLogin"
+      line: "PermitRootLogin without-password"
+  notify: Restart ssh