Skip to content
Snippets Groups Projects
Commit c15ae893 authored by Jörg Sachse's avatar Jörg Sachse
Browse files

feat: validate modified sshd_config file to avoid locking ourselves out of SSH...

feat: validate modified sshd_config file to avoid locking ourselves out of SSH due to invalid config
parent d530f25c
Branches
Tags
No related merge requests found
---
- name: Konfiguration für OpenSSH einspielen - gehärtete Config
blockinfile:
ansible.builtin.blockinfile:
path: "/etc/ssh/sshd_config"
backup: "yes"
insertbefore: "### BEGIN ANSIBLE MANAGED BLOCK - SFTP SERVER"
marker: "### {mark} ANSIBLE MANAGED BLOCK - HARDENED SSH SERVER"
validate: /usr/sbin/sshd -T -f %s
block: |
### Debian-specific default configurations as described by sshd_config(5) manpage. These differ from the vanilla OpenSSH defaults.
ChallengeResponseAuthentication no
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment