Changeset 13845 for main/waeup-ansible


Timestamp:
21 Apr 2016, 12:35:27 (8 years ago)
Author:
uli
Message:

Add tasks for securing sshd config.

File:
1 edited

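--- a/main/waeup-ansible/bootstrap.yml
+++ b/main/waeup-ansible/bootstrap.yml
@@ -38,4 +38,28 @@
         state=present"
 
+    - name: "bootstrap | disable dsa keys in sshd_config"
+      lineinfile:
+        dest=/etc/ssh/sshd_config
+        backrefs=yes
+        line='# HostKey /etc/ssh/ssh_host_dsa_key'
+        regexp='^HostKey /etc/ssh/ssh_host_dsa_key'
+        state=present
+
+    - name: "bootstrap | disable ecdsa keys in sshd_config"
+      lineinfile:
+        dest=/etc/ssh/sshd_config
+        backrefs=yes
+        line='# HostKey /etc/ssh/ssh_host_ecdsa_key'
+        regexp='^HostKey /etc/ssh/ssh_host_ecdsa_key'
+        state=present
+
+    - name: "bootstrap | set key bits in sshd_config to 4096"
+      lineinfile:
+        dest=/etc/ssh/sshd_config
+        backrefs=yes
+        line='ServerKeyBits 4096'
+        regexp='^ServerKeyBits 1024'
+        state=present
+
     - name: "bootstrap | restart sshd"
       service: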
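Review bot: The "set key bits" task (new lines 56-62) only rewrites a line that reads exactly `ServerKeyBits 1024`, and because `backrefs=yes` leaves the file untouched when the regexp does not match, any other value or a missing directive is reported as fine without being changed. ServerKeyBits also sizes only the ephemeral SSH protocol 1 server key, so it does not strengthen the protocol 2 RSA host key, whose size is fixed when the key is generated; if a 4096-bit host key is the goal, that would need a separate key-regeneration task. The same silent no-op applies to the two HostKey tasks (new lines 40-54) when the existing line uses a tab or extra spaces, so a looser pattern such as `regexp='^\s*HostKey\s+/etc/ssh/ssh_host_dsa_key'` would be safer. Since sshd is restarted right after (that task's body continues beyond the lines shown), adding `validate='/usr/sbin/sshd -t -f %s'` to each lineinfile task would keep a config that sshd rejects from being written before the restart.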