Add validate option to lineinfile module to edit the sshd config file in chapter 10 #273

geerlingguy opened this issue May 20, 2020 · 3 comments



geerlingguy commented May 20, 2020

To prevent users from blowing up their SSH server configuration and locking them out from their servers, we can add a validate to the lineinfile example modifying the sshd_config file in Chapter 10. For example, we created the following task in the May 20 Ansible 101 livestream (see #269):

    - name: Make sure SSH is more secure.
      lineinfile:
        dest: /etc/ssh/sshd_config
        regexp: "{{ item.regexp }}"
        line: "{{ item.line }}"
        state: present
        # Check the edited file with sshd before it replaces the live config.
        validate: 'sshd -t -f %s'
      with_items:
        - regexp: "^PasswordAuthentication"
          line: "PasswordAuthentication no"
        - regexp: "^PermitRootLogin"
          line: "PermitRootLogin no"
        - regexp: "^Port"
          line: "Port 2849"
      notify: restart ssh

FinalDes commented May 21, 2020

Need to check that the sshd service is started first before running the command, otherwise there will be an error;
my molecule test fails because the sshd service is not started.

    - name: start sshd service
      become: true
      service:
        name: sshd
        state: started


FinalDes commented May 21, 2020

Planning to add a check of whether SSH is secure or not.
`PasswordAuthentication no` requires additional checks. Need to check that the public key is installed first, otherwise cannot access the SSH server.

Owner Author

geerlingguy commented Jul 21, 2020

Fixed in the book's manuscript. Will be in the next book version.
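
The points raised in this thread (validate the edited file, have sshd started first, confirm a public key exists before disabling password logins) combined into one play, as an added example that is not from the book or from any commenter. The `ssh_login_user` variable, the `/home/...` path, and the handler definition are assumptions made for illustration.

```yaml
# Added example. Assumed: the account name, its home under /home,
# and a service called "sshd" (as used in the comments above).
- hosts: all
  become: true
  vars:
    ssh_login_user: deploy  # hypothetical account that must keep key-based access
  handlers:
    - name: restart ssh
      ansible.builtin.service:
        name: sshd
        state: restarted
  tasks:
    - name: Make sure sshd is started before its config is validated.
      ansible.builtin.service:
        name: sshd
        state: started

    - name: Look for an authorized_keys file for the login user.
      ansible.builtin.stat:
        path: "/home/{{ ssh_login_user }}/.ssh/authorized_keys"
      register: authorized_keys

    - name: Stop here if disabling password logins would lock the user out.
      ansible.builtin.assert:
        that:
          - authorized_keys.stat.exists and authorized_keys.stat.size > 0
        fail_msg: "No public key for {{ ssh_login_user }}; sshd_config left untouched."

    - name: Make sure SSH is more secure.
      ansible.builtin.lineinfile:
        dest: /etc/ssh/sshd_config
        regexp: "{{ item.regexp }}"
        line: "{{ item.line }}"
        state: present
        # lineinfile runs this against a temporary copy (%s); the live
        # file is only replaced when sshd accepts the result.
        validate: 'sshd -t -f %s'
      with_items:
        - regexp: "^PasswordAuthentication"
          line: "PasswordAuthentication no"
        - regexp: "^PermitRootLogin"
          line: "PermitRootLogin no"
        - regexp: "^Port"
          line: "Port 2849"
      notify: restart ssh
```

Because the assert task fails the play before `lineinfile` runs, a host without an installed key keeps its existing `sshd_config` and password logins stay available.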
