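# sshd ~~ roles/sshd/tasks/main.yml
# Create sshd configuration and restart daemon
---
- name: generate sshd configuration
  # Let sshd check the rendered file before it replaces the live config, so a
  # template error cannot leave the host without a working daemon.
  template:
    src: templates/sshd_config.j2
    dest: /etc/ssh/sshd_config
    owner: "0"
    group: "0"
    mode: "0644"
    validate: /usr/sbin/sshd -t -f %s
  register: sshd_config

- name: retrieve all existing users
  # No shell features are needed, so `command` runs cut directly.
  command: cut -d ":" -f 1 /etc/passwd
  register: sshd_users
  changed_when: false  # read-only query (keyword was misspelled `change_when`)

- name: bind retrieved users output lines to list
  set_fact:
    sshd_users: "{{ sshd_users.stdout_lines }}"

- name: get ssh keys for all user
  # Key files are read from the controller; the directory holding each *.pub
  # file names the account it belongs to (see the lookups below).
  # NOTE(review): file_type `link` only matches symlinks, not regular files —
  # confirm that is intended.
  find:
    paths: "{{ inventory_dir }}/files/pubkeys"
    pattern: "*.pub"
    recurse: true
    file_type: link
  register: keys
  delegate_to: localhost

- name: show pubkeys
  debug:
    msg: |
      {% for key in keys.files %}
      {{ key.path }}
      {% endfor %}
  run_once: true
  delegate_to: localhost

- name: synchronize ssh keys
  # `state: present` only adds keys: a key removed from the pubkeys tree is not
  # revoked here. Keys for accounts missing from /etc/passwd are skipped.
  authorized_key:
    user: "{{ item.path | dirname | basename }}"
    state: present
    key: "{{ lookup('file', item.path) }}"
  when: item.path | dirname | basename in sshd_users
  loop: "{{ keys.files }}"
  loop_control:
    label: "{{ item.path }}"

- name: get users homedir
  # Produces "<homedir> <username>" per item. The user name is derived from a
  # directory name, so it is shell-quoted rather than interpolated raw.
  vars:
    sshd_key_user: "{{ item.path | dirname | basename }}"
  shell: >-
    echo $(getent passwd {{ sshd_key_user | quote }} | cut -d ":" -f 6)
    {{ sshd_key_user | quote }}
  register: sshd_homedirs
  when: sshd_key_user in sshd_users
  loop: "{{ keys.files }}"
  changed_when: false  # read-only query (keyword was misspelled `change_when`)
  loop_control:
    label: "{{ sshd_key_user }}"

- name: clean users homedir result
  # Keep only the loop results that actually ran (skipped items carry no
  # stdout) as a plain list of "<homedir> <username>" strings; building the
  # list with filters avoids hand-assembling a quoted string.
  set_fact:
    sshd_homedirs: >-
      {{ sshd_homedirs.results | selectattr('stdout', 'defined')
      | map(attribute='stdout') | list }}

- name: make users homedir unique
  set_fact:
    sshd_homedirs: "{{ sshd_homedirs | unique }}"

- name: show sshd homedirs for users
  debug:
    var: sshd_homedirs

- name: chown ssh file to correct user
  # Best-effort ownership/permission fix-up: failures are reported but do not
  # abort the play. Splitting on a single space assumes home directories
  # contain no spaces.
  file:
    path: "{{ item.split(' ')[0] }}/.ssh/authorized_keys"
    owner: "{{ item.split(' ')[1] }}"
    mode: "0600"
  ignore_errors: true
  when: item.split(" ")[1] in sshd_users
  loop: "{{ sshd_homedirs }}"
  loop_control:
    label: "{{ item }}"

- name: restart sshd
  # Only bounce the daemon when the rendered configuration changed; key
  # updates do not require a restart.
  service:
    name: sshd
    state: restarted
  when: sshd_config is changed

- name: check ssh connection
  # Probed from the managed host itself (wait_for's default host). The port is
  # hard-coded; keep it in step with the Port configured in sshd_config.j2.
  wait_for:
    port: 22
    delay: 1
    state: started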