From 569f14ea1a574f51b114fa291dfe3e5724afc34c Mon Sep 17 00:00:00 2001
From: Daniel Tomlinson
Date: Wed, 3 Mar 2021 14:50:59 +0000
Subject: [PATCH] adding ssh role
---
roles/ssh/handlers/main.yml | 5 +++++
roles/ssh/tasks/main.yml | 19 +++++++++++++++++++
2 files changed, 24 insertions(+)
create mode 100644 roles/ssh/handlers/main.yml
create mode 100644 roles/ssh/tasks/main.yml
diff --git a/roles/ssh/handlers/main.yml b/roles/ssh/handlers/main.yml
new file mode 100644
index 0000000..822887e
--- /dev/null
+++ b/roles/ssh/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart ssh
+ service:
+ name: ssh
+ state: restarted
diff --git a/roles/ssh/tasks/main.yml b/roles/ssh/tasks/main.yml
new file mode 100644
index 0000000..b957770
--- /dev/null
+++ b/roles/ssh/tasks/main.yml
@@ -0,0 +1,19 @@
+---
+- name: Configure SSH access
+ tags: [ssh, server]
+ become: true
+ block:
+ - name: Remove any PermitRootLogin instruction
+ lineinfile:
+ dest: /etc/ssh/sshd_config
+ regexp: "^PermitRootLogin"
+ state: absent
+ notify: restart ssh
+
+ - name: Disable SSH root login
+ lineinfile:
+ dest: /etc/ssh/sshd_config
+ regexp: "^PermitRootLogin"
+ line: "PermitRootLogin prohibit-password"
+ state: present
+ notify: restart ssh
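Review bot: The handler in roles/ssh/handlers/main.yml hard-codes the service name `ssh`, which is the Debian/Ubuntu unit name; on a host where the daemon is registered as `sshd` the handler would fail after sshd_config has already been edited, leaving the new setting on disk but not applied. If the role is meant to run beyond Debian-family hosts, take the name from a role variable, for example `name: "{{ ssh_service_name | default('ssh') }}"` (variable name constructed here). A one-line comment above the handler stating which distributions the role supports would also help.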
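Review bot: The task named "Disable SSH root login" in roles/ssh/tasks/main.yml writes `PermitRootLogin prohibit-password`, which still lets root log in with a key; if root login is meant to be disabled the line should be `line: "PermitRootLogin no"`, otherwise the task name should say that only password authentication is refused for root. The preceding "Remove any PermitRootLogin instruction" task deletes the line the second task wrote on the previous run, so both tasks report changed and the handler restarts ssh on every play; the directive is also always re-appended at the end of the file, where it would fall inside a trailing `Match` block if sshd_config has one. A single `lineinfile` with `regexp`, `line` and `insertbefore: "^Match"` would be idempotent, though sshd uses the first value it reads, so an earlier duplicate line (or an included drop-in file) would still need checking. Adding `validate: "/usr/sbin/sshd -t -f %s"` to the task would keep a malformed file from being installed before the restart.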