From 6cdeaac2f5a35d337c1ed035246e3506c4c84c70 2023-08-24 01:46:12
From: x <xbr@c3l.lu>
Date: 2023-08-24 01:46:12
Subject: [PATCH] fix: remove configured settings in sshd_config

---

diff --git a/initial_server_setup/initial_setup.yml b/initial_server_setup/initial_setup.yml
index c5b9c2c9a6cf2e9c477e89b878d928e5afb7c33a..f8f8e49353b8fc231c8d43a5b17dfbbc85c3fbda 100644
--- a/initial_server_setup/initial_setup.yml
+++ b/initial_server_setup/initial_setup.yml
@@ -57,6 +57,10 @@
         content: |
           # {{ ansible_managed }}
           PasswordAuthentication no
+      ansible.builtin.lineinfile:
+        path: /etc/ssh/sshd_config
+        regex: "^PasswordAuthentication"
+        line: "# PasswordAuthentication No"
       tags: network,ssh
     - name: Disable SSH Empty Password
       ansible.builtin.copy:
@@ -66,6 +70,10 @@
         content: |
           # {{ ansible_managed }}
           PermitEmptyPasswords no
+      ansible.builtin.lineinfile:
+        path: /etc/ssh/sshd_config
+        regex: "^PermitEmptyPasswords"
+        line: "# PermitEmptyPasswords No"
       tags: network,ssh
     - name: Disable SSH Root Login
       ansible.builtin.copy:
@@ -75,6 +83,10 @@
         content: |
           # {{ ansible_managed }}
           PermitRootLogin no
+      ansible.builtin.lineinfile:
+        path: /etc/ssh/sshd_config
+        regex: "^PermitRootLogin"
+        line: "# PermitRootLogin No"
       tags: network,ssh
     - name: Reload SSHD
       ansible.builtin.service: