From 0a62a8d248a640f8c284b4f953caa63a32173aed Mon Sep 17 00:00:00 2001
From: = <=>
Date: Tue, 10 Jun 2025 21:05:04 +0200
Subject: [PATCH] add install_ssh role
---
roles/server_install_ssh/defaults/main.yml | 8 ++++
roles/server_install_ssh/handlers/main.yml | 5 +++
roles/server_install_ssh/meta/main.yml | 0
roles/server_install_ssh/tasks/main.yml | 41 +++++++++++++++++++
.../templates/sshd_config.j2 | 18 ++++++++
roles/server_install_ssh/vars/main.yml | 0
6 files changed, 72 insertions(+)
create mode 100644 roles/server_install_ssh/defaults/main.yml
create mode 100644 roles/server_install_ssh/handlers/main.yml
create mode 100644 roles/server_install_ssh/meta/main.yml
create mode 100644 roles/server_install_ssh/tasks/main.yml
create mode 100644 roles/server_install_ssh/templates/sshd_config.j2
create mode 100644 roles/server_install_ssh/vars/main.yml
diff --git a/roles/server_install_ssh/defaults/main.yml b/roles/server_install_ssh/defaults/main.yml
new file mode 100644
index 0000000..9003640
--- /dev/null
+++ b/roles/server_install_ssh/defaults/main.yml
@@ -0,0 +1,8 @@
+# Standard-SSH-Benutzer
+ssh_user: skulladmin
+
+# Platzhalter-Key
+ssh_public_key: ""
+
+# SSH-Port
+ssh_port: 22
\ No newline at end of file
diff --git a/roles/server_install_ssh/handlers/main.yml b/roles/server_install_ssh/handlers/main.yml
new file mode 100644
index 0000000..9c4c94c
--- /dev/null
+++ b/roles/server_install_ssh/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Restart SSH
+ service:
+ name: ssh
+ state: restarted
\ No newline at end of file
diff --git a/roles/server_install_ssh/meta/main.yml b/roles/server_install_ssh/meta/main.yml
new file mode 100644
index 0000000..e69de29
diff --git a/roles/server_install_ssh/tasks/main.yml b/roles/server_install_ssh/tasks/main.yml
new file mode 100644
index 0000000..0122e9d
--- /dev/null
+++ b/roles/server_install_ssh/tasks/main.yml
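Review bot: `ssh_public_key: ""` is a placeholder default, yet tasks/main.yml copies it verbatim into authorized_keys while the sshd_config template turns password authentication off, so a run that forgets to override it leaves `ssh_user` with no way to log in. The defaults file should say so where the variable is defined, e.g. `# Must be overridden by the playbook; an empty value writes an empty authorized_keys and locks ssh_user out` above `ssh_public_key`, and tasks/main.yml should refuse to continue while it is empty. The file also omits the `---` document start that handlers/main.yml has, and its comments are in German while the template's are in English; pick one for the role.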
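Review bot: The handler restarts sshd with the short module name `service` and `state: restarted`; a `reloaded` state is normally enough for sshd to pick up a new configuration and is gentler on the host, and the fully qualified `ansible.builtin.service` matches current Ansible convention. The service name `ssh` is right for the Debian/Ubuntu packages the apt tasks target but would be `sshd` elsewhere, and since the role name does not say it is Debian-only a comment such as `# Debian/Ubuntu unit name; RHEL-family hosts use sshd` would save the next reader a surprise. The diff also marks the file as ending without a newline.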
@@ -0,0 +1,41 @@
+---
+- name: Paketlisten aktualisieren
+ apt:
+ update_cache: yes
+ cache_valid_time: 3600
+
+- name: OpenSSH Server installieren
+ apt:
+ name: openssh-server
+ state: present
+
+- name: Benutzer anlegen (falls nicht vorhanden)
+ user:
+ name: "{{ ssh_user }}"
+ shell: /bin/bash
+ create_home: yes
+
+- name: SSH-Verzeichnis anlegen
+ file:
+ path: "/home/{{ ssh_user }}/.ssh"
+ state: directory
+ owner: "{{ ssh_user }}"
+ group: "{{ ssh_user }}"
+ mode: '0700'
+
+- name: SSH-Key eintragen
+ copy:
+ content: "{{ ssh_public_key }}"
+ dest: "/home/{{ ssh_user }}/.ssh/authorized_keys"
+ owner: "{{ ssh_user }}"
+ group: "{{ ssh_user }}"
+ mode: '0600'
+
+- name: SSH-Konfiguration per Template übertragen
+ template:
+ src: sshd_config.j2
+ dest: /etc/ssh/sshd_config
+ owner: root
+ group: root
+ mode: '0644'
+ notify: Restart SSH
\ No newline at end of file
diff --git a/roles/server_install_ssh/templates/sshd_config.j2 b/roles/server_install_ssh/templates/sshd_config.j2
new file mode 100644
index 0000000..761dcf8
--- /dev/null
+++ b/roles/server_install_ssh/templates/sshd_config.j2
@@ -0,0 +1,18 @@
+# OpenSSH server configuration (managed by Ansible)
+Port {{ ssh_port }}
+Protocol 2
+PermitRootLogin no
+PasswordAuthentication no
+ChallengeResponseAuthentication no
+UsePAM yes
+X11Forwarding no
+AllowUsers {{ ssh_user }}
+ClientAliveInterval 300
+ClientAliveCountMax 2
+LoginGraceTime 30
+MaxAuthTries 3
+AllowTcpForwarding no
+PermitEmptyPasswords no
+PrintMotd no
+UseDNS no
+Compression no
\ No newline at end of file
diff --git a/roles/server_install_ssh/vars/main.yml b/roles/server_install_ssh/vars/main.yml
new file mode 100644
index 0000000..e69de29
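Review bot: The "SSH-Key eintragen" task writes `ssh_public_key` to authorized_keys unconditionally, and the template task then installs a config with `PasswordAuthentication no` without validating it, so an empty key (the shipped default) or a rendering mistake locks the operator out of the host at the moment the handler restarts sshd. Add an `assert` at the top of the file that fails on an empty key, and give the template task `validate: '/usr/sbin/sshd -t -f %s'` so sshd checks the rendered file before it replaces /etc/ssh/sshd_config; both are shown below. The `yes` values on `update_cache` and `create_home` should be the canonical `true`, and the hard-coded `/home/{{ ssh_user }}` path would be safer as the `home` reported by a registered `user` result, since the two can differ on hosts where the account already exists.

```yaml
- name: Refuse to run with an empty SSH public key
  assert:
    that:
      - ssh_public_key | length > 0
    fail_msg: "ssh_public_key must be set; an empty authorized_keys with password auth disabled locks ssh_user out"

# … unchanged: apt, user, file and copy tasks …

- name: SSH-Konfiguration per Template übertragen
  template:
    src: sshd_config.j2
    dest: /etc/ssh/sshd_config
    owner: root
    group: root
    mode: '0644'
    validate: '/usr/sbin/sshd -t -f %s'
  notify: Restart SSH
```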
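Review bot: The template replaces the whole of /etc/ssh/sshd_config but defines no `Subsystem sftp` line, so the SFTP subsystem is gone once the handler restarts sshd; besides breaking sftp for `ssh_user`, Ansible's default transfer method tries SFTP first, so later runs of the `copy` and `template` tasks in this role may fall back or fail depending on the controller's settings. Add `Subsystem sftp /usr/lib/openssh/sftp-server` (the path the Debian/Ubuntu package ships) or `Subsystem sftp internal-sftp` after the `Compression no` line. `Protocol 2` is a leftover from before OpenSSH dropped protocol 1 and can go, and `ChallengeResponseAuthentication` is the legacy spelling of `KbdInteractiveAuthentication` on newer releases, though still accepted. Dropping the distribution's `Include /etc/ssh/sshd_config.d/*.conf` looks deliberate, since it keeps drop-ins from re-enabling password login, and deserves a comment saying so.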