mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git, synced 2025-10-25 07:27:23 +00:00

sshd
Description
This Ansible role configures the OpenSSH daemon (sshd) by deploying a templated sshd_config file. It applies secure, best-practice settings—such as disabling root login, enforcing public-key authentication, and setting appropriate logging levels—to harden remote access and reduce the risk of misconfiguration or lockout.
Overview
- Renders sshd_config.j2 into /etc/ssh/sshd_config with customizable options
- Sets file ownership (root:root) and permissions (0644)
- Automatically reloads and restarts the SSH service via a Systemd handler
- Uses a run_once_sys_svc_sshd fact to ensure idempotent execution
Features
- Templated Configuration
  Delivers a Jinja2-based sshd_config with variables for debug logging and PAM support.
- Security Defaults
  - Disables password (PasswordAuthentication no) and root login (PermitRootLogin no)
  - Enforces public-key authentication (PubkeyAuthentication yes)
  - Conditionally sets LogLevel to DEBUG3 when MODE_DEBUG is true
- Systemd Integration
  Handles daemon reload and service restart seamlessly on configuration changes.
- Idempotency
  Ensures tasks run only once per play by setting the run_once_sys_svc_sshd fact.
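
A way to check a deployed sshd_config against the security defaults listed above, as an added example that is not part of this role's code. The function names, the debug_mode parameter (standing in for MODE_DEBUG) and both sample configs are assumptions made for illustration.

```python
import re

# Values the README lists as the role's security defaults.
EXPECTED = {"passwordauthentication": "no",
            "permitrootlogin": "no",
            "pubkeyauthentication": "yes"}

def parse(text):
    """Split a config into global settings and settings inside Match blocks."""
    glob, conditional, in_match = {}, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()                 # keywords are case-insensitive
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "match":
            in_match = True                    # simplification: rest of file is conditional
        elif in_match:
            conditional.append((key, value))
        else:
            glob.setdefault(key, value)        # sshd keeps the first value it sees
    return glob, conditional

def audit(text, debug_mode=False):
    """Return a list of deviations from the README's stated defaults."""
    glob, conditional = parse(text)
    findings = []
    for key, want in EXPECTED.items():
        got = glob.get(key)
        if got is None:
            findings.append(f"{key}: not set globally, compiled-in default applies")
        elif got.lower() != want:
            findings.append(f"{key}: expected {want}, found {got}")
    level = glob.get("loglevel", "INFO").upper()
    if level.startswith("DEBUG") and not debug_mode:
        findings.append(f"loglevel: {level} set while MODE_DEBUG is false")
    for key, value in conditional:
        if key in EXPECTED and value.lower() != EXPECTED[key]:
            findings.append(f"match block overrides {key} with {value}")
    return findings

# Constructed sample configs, not taken from the role's template.
GOOD = "PermitRootLogin no\nPasswordAuthentication no\nPubkeyAuthentication yes\nLogLevel INFO\n"
DRIFTED = ("PasswordAuthentication yes\nPasswordAuthentication no\nPermitRootLogin no\n"
           "PubkeyAuthentication yes\nLogLevel DEBUG3\n"
           "Match User backup\n    PasswordAuthentication yes\n")

if __name__ == "__main__":
    for finding in audit(DRIFTED):
        print(finding)
```

The drifted sample shows why order matters: the later `PasswordAuthentication no` has no effect because the first occurrence wins. The sshd_config manual also advises against DEBUG log levels in normal operation because they violate user privacy, so a DEBUG3 finding outside a debugging session is worth acting on.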