Playbook #4504
/home/ssh-gateway/ansible/kuly/RM10193-sshd-config-changes.yaml
Execution
Date 20 Nov 2025 12:10:06 +0000
Duration 00:00:03.17
Controller ssh-gw-4.layershift.com
User root
Versions
Ansible 2.16.11
ara 1.7.3 / 1.7.3
Python 3.10.10
Summary
3 Hosts
3 Tasks
9 Results
1 Plays
1 Files
0 Records
remote_user:root check:False tags:all

File: /home/ssh-gateway/ansible/kuly/RM10193-sshd-config-changes.yaml

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
---
- name: Playbook to make sshd changes
  hosts: all
  gather_facts: false
  vars:
    sshd_config_path: /etc/ssh/sshd_config
    sshd_hardening_params:
      - {regexp: '^#?AllowAgentForwarding', line: 'AllowAgentForwarding no'}
      - {regexp: '^#?AllowTcpForwarding', line: 'AllowTcpForwarding no'}
      - {regexp: '^#?X11Forwarding', line: 'X11Forwarding no'}
    ssh_port: 2233

  tasks:
    - name: Ensure SSHD config file exists before proceeding
      ansible.builtin.stat:
        path: "{{ sshd_config_path }}"
      register: sshd_config_stat
      failed_when: not sshd_config_stat.stat.exists

    - name: Make the replacements
      ansible.builtin.lineinfile:
        path: "{{ sshd_config_path }}"
        regexp: "{{ item.regexp }}"
        line: "{{ item.line }}"
        state: present
        backup: true
        validate: 'sshd -t -f %s'
      loop: "{{ sshd_hardening_params }}"
      register: sshd_config_results
      notify: Restart SSHD Service

    - name: Check sshd status
      ansible.builtin.debug:
        msg: "SSH is not runing as expected"
      when: sshd_config..status.ActiveState != "active"

  handlers:
    - name: Restart SSHD Service
      ansible.builtin.systemd:
        name: sshd
        state: restarted
        daemon_reload: true
      listen: "Restart SSHD Service"