Skull-IT/iac_stack
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add a proxmox condition to activate neccessary entries in sshd_config

Browse source
This commit is contained in:
= 2025-06-28 15:27:33 +02:00
parent 8ff70bfaad
commit 7ac8d9748f
2 changed files with 14 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
roles/server_install_ssh/tasks/main.yml
View file

@ -4,6 +4,11 @@
update_cache: true update_cache: true
cache_valid_time: 3600 cache_valid_time: 3600
- name: Detect if system is Proxmox (by checking /etc/pve)
stat:
path: /etc/pve
register: pve_check
- name: OpenSSH Server installieren - name: OpenSSH Server installieren
ansible.builtin.apt: ansible.builtin.apt:
name: openssh-server name: openssh-server
@ -39,3 +44,5 @@
group: root group: root
mode: '0644' mode: '0644'
notify: Restart SSH notify: Restart SSH
vars:
is_proxmox: "{{ pve_check.stat.exists }}"

7
roles/server_install_ssh/templates/sshd_config.j2
View file

@ -1,7 +1,14 @@
# OpenSSH server configuration (managed by Ansible) # OpenSSH server configuration (managed by Ansible)
Port {{ ssh_port }} Port {{ ssh_port }}
Protocol 2 Protocol 2
{% if is_proxmox %}
PermitRootLogin prohibit-password
AcceptEnv LANG LC_*
{% else %}
PermitRootLogin no PermitRootLogin no
{% endif %}
PasswordAuthentication no PasswordAuthentication no
ChallengeResponseAuthentication no ChallengeResponseAuthentication no
UsePAM yes UsePAM yes