15 lines
513 B
YAML
15 lines
513 B
YAML
---
|
|
# Bootstrap-only: permissive SSH for initial Ansible access.
|
|
# Post-bootstrap hardening (key-only, no root login) is handled by the linux role.
|
|
- name: Ensure SSH password authentication is enabled
|
|
ansible.builtin.lineinfile:
|
|
path: /mnt/etc/ssh/sshd_config
|
|
regexp: "^#?PasswordAuthentication\\s+"
|
|
line: "PasswordAuthentication yes"
|
|
|
|
- name: SSH permit root login
|
|
ansible.builtin.replace:
|
|
path: /mnt/etc/ssh/sshd_config
|
|
regexp: "^#?PermitRootLogin.*"
|
|
replace: "PermitRootLogin yes"
|