LinuxUpskillChallenge/phase2user.yml

---
- name: Lock down root & SSH on the server
  hosts: UpskillChallengeNode

  tasks:
  - name: Disable root login over ssh
    ansible.builtin.lineinfile:
      path: /etc/ssh/sshd_config
      regexp: '^PermitRootLogin'
      line: 'PermitRootLogin no'

  - name: Disable all users' password login
    ansible.builtin.lineinfile:
      path: /etc/ssh/sshd_config
      regexp: '^PasswordAuthentication'
      line: 'PasswordAuthentication no'

  - name: Change SSH port
    ansible.builtin.lineinfile:
      path: /etc/ssh/sshd_config
      regexp: '^#?Port '
      line: 'Port 22022'

  - name: update and upgrade packages
    ansible.builtin.apt:
      update_cache: yes
      upgrade: yes

  - name: install fail2ban
    ansible.builtin.apt:
      package: fail2ban
      state: present

  - name: restart ssh
    service:
      name: ssh
      state: restarted
Day three: enhance SSH security in two separate phases. Closes #3 2022-02-10 02:46:01 +00:00			`---`
			`- name: Lock down root & SSH on the server`
			`hosts: UpskillChallengeNode`

			`tasks:`
			`- name: Disable root login over ssh`
			`ansible.builtin.lineinfile:`
			`path: /etc/ssh/sshd_config`
			`regexp: '^PermitRootLogin'`
			`line: 'PermitRootLogin no'`

			`- name: Disable all users' password login`
			`ansible.builtin.lineinfile:`
			`path: /etc/ssh/sshd_config`
			`regexp: '^PasswordAuthentication'`
			`line: 'PasswordAuthentication no'`

			`- name: Change SSH port`
			`ansible.builtin.lineinfile:`
			`path: /etc/ssh/sshd_config`
			`regexp: '^#?Port '`
			`line: 'Port 22022'`

			`- name: update and upgrade packages`
			`ansible.builtin.apt:`
			`update_cache: yes`
			`upgrade: yes`

			`- name: install fail2ban`
			`ansible.builtin.apt:`
			`package: fail2ban`
			`state: present`

			`- name: restart ssh`
			`service:`
			`name: ssh`
			`state: restarted`