author | Lars Wirzenius <liw@liw.fi> | 2022-09-04 14:42:08 +0300 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2022-09-04 16:04:45 +0300 |
commit | 7c250ddce0fa3b136eb3d8baec6c4ab513d0fbe8 (patch) | |
tree | 57489a09bf72006a0cc82732a10c32b7be5c57a3 /std.yml | |
parent | 1653e31dcce6388f8760a0b4775bf32b4df5fb56 (diff) | |
download | v-i-7c250ddce0fa3b136eb3d8baec6c4ab513d0fbe8.tar.gz |
fix(std.yml): don't allow SSH logins as root using password authn
There's no point in allowing it; forbid it instead.
Sponsored-by: author
Diffstat (limited to 'std.yml')
-rw-r--r-- | std.yml | 6 |
1 files changed, 6 insertions, 0 deletions
@@ -41,6 +41,12 @@ {{ user_ca_pubkey }} dest: /etc/ssh/user_ca_keys + - name: "restrict root logins over ssh to require a key" + lineinfile: + path: /etc/ssh/sshd_config + regex: "#* *PasswordAuthentication" + line: "PasswordAuthentication no" + - name: "configure sshd to accept CA for users" when: user_ca_pubkey is defined copy: |
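Review bot: The added task is named "restrict root logins over ssh to require a key", but the line it writes, `PasswordAuthentication no`, turns off password authentication for every account, not only root. If that is the intent, the task name and commit title should say so; if only root is meant, the directive would be `PermitRootLogin prohibit-password`. The `regex` value `"#* *PasswordAuthentication"` is unanchored, so it also matches comment text that merely mentions the keyword, and lineinfile replaces the last match; anchoring it, e.g. `regex: '^#?\s*PasswordAuthentication\s'`, keeps the edit on the directive line. Because sshd uses the first value it reads for a keyword, an earlier uncommented setting or an included drop-in file could still take precedence, so checking the effective value with `sshd -T` after provisioning would be worth adding.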