Execution
Date 16 Sep 2025 10:11:10 +0100
Duration 00:00:13.64
Controller ssh-gw-4.layershift.com
User root
Versions
Ansible 2.16.11
ara 1.7.3 / 1.7.3
Python 3.10.10
Summary
40 Hosts
2 Tasks
78 Results
1 Plays
1 Files
0 Records

File: /home/ssh-gateway/ansible/kuly/RM10136_firewall_ssh_deny.yaml

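---
# Deny SSH through the Plesk firewall on Plesk servers that have no
# login-shell users under the vhosts home directory.  Hosts where at least
# one such user has a shell, and hosts without Plesk, are left untouched.
- name: Playbook to deny ssh for plesk servers that do not have shell users
  hosts: all
  gather_facts: false
  tasks:
    # Custom module (not part of ansible.builtin); it is expected to return
    # `plesk_found`, which gates the firewall task below.
    - name: Get server info
      plesk_info:
      register: plsk

    - name: On plesk server run the script
      when: plsk.plesk_found
      ansible.builtin.shell: |
        set -o pipefail
        set -e
        homedirs=$(awk '/HTTPD_VHOSTS_D/ {print $2}' /etc/psa/psa.conf)
        # An empty pattern would make grep match every passwd line and the
        # host would be silently skipped; fail loudly instead.
        if [ -z "$homedirs" ]; then
          echo "HTTPD_VHOSTS_D not found in /etc/psa/psa.conf" >&2
          exit 1
        fi
        # grep exits 1 when nothing matches; with `set -e` + `pipefail` that
        # aborted the script exactly in the "no shell users" case, so the
        # pipeline is allowed to fail here (wc -l still prints the count).
        bashes=$(grep "$homedirs" /etc/passwd | grep -v "/bin/false" | wc -l || true)
        if [ "$bashes" -eq 0 ]; then
          # Assumes exactly one rule of class "ssh"; with several, jq would
          # emit one id per line and the --set-rule call below would break.
          rule_id=$(/usr/sbin/plesk ext firewall --list-json | jq -r '.[] | select(.class=="ssh") | .id')
          if [ -n "$rule_id" ]; then
            echo "Blocking SSH via Plesk firewall (rule ID: $rule_id)..."
            # Set the rule first and apply only if that succeeded; applying
            # the deny rule may cut the SSH session Ansible is using.
            /usr/sbin/plesk ext firewall --set-rule -id "$rule_id" -action deny && /usr/sbin/plesk ext firewall --apply -auto-confirm-this-may-lock-me-out-of-the-server
          else
            echo "SSH rule not found in firewall!"
          fi
        else
          echo "We have users with shells, skipping"
        fi
      args:
        executable: /bin/bash
      register: script_result
      # Only the branch that actually changes the firewall reports "changed".
      changed_when: "'Blocking SSH' in script_result.stdout"
      # Surface real failures (missing psa.conf key, jq/plesk errors, failed
      # firewall apply) instead of masking them with `failed_when: false`.
      failed_when: script_result.rc != 0

    # On non-Plesk hosts the previous task is skipped and has no stdout_lines,
    # so guard the debug output to avoid an undefined-variable failure.
    - name: Display results
      when: script_result is not skipped
      ansible.builtin.debug:
        msg: "{{ script_result.stdout_lines }}"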