From 8cf2c6766e78adee3678370724bfb50d556250c7 2023-12-14 18:48:44
From: x <xbr@c3l.lu>
Date: 2023-12-14 18:48:44
Subject: [PATCH] feat: reload sshd before adding new users (avoid vuln.)

---

diff --git a/initial_server_setup/initial_setup.yml b/initial_server_setup/initial_setup.yml
index f4b99a39dcfe75465449700a2c39bc2c48813209..df7a0f1ce2a2e8ac843fb872d8d104b6d2dffc0c 100644
--- a/initial_server_setup/initial_setup.yml
+++ b/initial_server_setup/initial_setup.yml
@@ -100,6 +100,12 @@
         line: "# PermitRootLogin No"
       tags: network,ssh
       register: root_login_sshd
+    - name: Reload SSHD
+      ansible.builtin.service:
+        name: "sshd"
+        state: "reloaded"
+      tags: network,ssh
+      when: pass_auth.changed or pass_auth_sshd.changed or empty_pass.changed or empty_pass_sshd.changed or root_login.changed or root_login_sshd.changed
 
     # Create Freifunk Users
     - name: Create member users
@@ -155,10 +161,3 @@
         group: root
         mode: '0440'
       tags: users
-
-    - name: Reload SSHD
-      ansible.builtin.service:
-        name: "sshd"
-        state: "reloaded"
-      tags: network,ssh
-      when: pass_auth.changed or pass_auth_sshd.changed or empty_pass.changed or empty_pass_sshd.changed or root_login.changed or root_login_sshd.changed