ansible-hacklab-desktop/roles/desktop_auth/tasks/main.yml

- name: Install sudo
  apt:
    name: sudo
    state: present

- name: Install sshd
  apt:
    name: openssh-server
    state: present

- name: root password
  user:
    name: root
    password: "$6$rounds=2000000$ssaaJvMG.V6ateJd$.3Ht.X1PlcakPTz3OYexs6h/jz6NR5Qy.9YWynZ.XDQlCqBYfrUdFhqM6kAQcKO/fxVHwo1uRrqcKxYvGNKz/0"

- name: /root/.ssh
  file:
    path: /root/.ssh
    state: directory
    owner: root
    group: root
    mode: 0700

- name: /root/.ssh/authorized_keys
  template:
    src: authorized_keys.j2
    dest: /root/.ssh/authorized_keys
    owner: root
    group: root
    mode: 0600

- name: Configure SSH for key-only root access
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: "^\\s*PermitRootLogin\\s+"
    line: "PermitRootLogin without-password"
  notify: restart sshd

- name: SSH PubkeyAuthentication=yes
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: "^\\s*PubkeyAuthentication\\s+"
    line: "PubkeyAuthentication yes"
  notify: restart sshd

- name: SSH PasswordAuthentication=no
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: "^\\s*PasswordAuthentication\\s+"
    line: "PasswordAuthentication no"
  notify: restart sshd

- name: Hacklab user
  user:
    name: hacklab
    password: "$6$KE4g5K18$qeK6I7/j78Ob6cDqoJRt1IzvQ34PpOi1/HSQ2oEjAf3h/7XtkS6DJ6pEW.zm8szJ3wzA0cJ0vbSRHf2pWKJFo/" # "hacklab"
    groups: cdrom,dip,plugdev,lpadmin,dialout,sudo
    comment: Hacklab
    shell: /bin/bash

- name: Disable hacklab user authorized_keys
  file:
    path: /home/hacklab/.ssh/authorized_keys
    state: absent

#- name: Disable lightdm guest
#  copy:
#    content: "[Seat:*]\nallow-guest=false\n"
#    dest: /etc/lightdm/lightdm.conf.d/50-no-guest.conf
#    owner: root
#    group: root
#    mode: 0644
Initial commit 2018-06-02 22:03:27 +00:00			`- name: Install sudo`
			`apt:`
			`name: sudo`
			`state: present`

			`- name: Install sshd`
			`apt:`
			`name: openssh-server`
			`state: present`

			`- name: root password`
			`user:`
			`name: root`
			`password: "$6$rounds=2000000$ssaaJvMG.V6ateJd$.3Ht.X1PlcakPTz3OYexs6h/jz6NR5Qy.9YWynZ.XDQlCqBYfrUdFhqM6kAQcKO/fxVHwo1uRrqcKxYvGNKz/0"`

			`- name: /root/.ssh`
			`file:`
			`path: /root/.ssh`
			`state: directory`
			`owner: root`
			`group: root`
			`mode: 0700`

			`- name: /root/.ssh/authorized_keys`
			`template:`
			`src: authorized_keys.j2`
			`dest: /root/.ssh/authorized_keys`
			`owner: root`
			`group: root`
			`mode: 0600`

			`- name: Configure SSH for key-only root access`
			`lineinfile:`
			`path: /etc/ssh/sshd_config`
			`regexp: "^\\s*PermitRootLogin\\s+"`
			`line: "PermitRootLogin without-password"`
			`notify: restart sshd`

			`- name: SSH PubkeyAuthentication=yes`
			`lineinfile:`
			`path: /etc/ssh/sshd_config`
			`regexp: "^\\s*PubkeyAuthentication\\s+"`
			`line: "PubkeyAuthentication yes"`
			`notify: restart sshd`

			`- name: SSH PasswordAuthentication=no`
			`lineinfile:`
			`path: /etc/ssh/sshd_config`
			`regexp: "^\\s*PasswordAuthentication\\s+"`
			`line: "PasswordAuthentication no"`
			`notify: restart sshd`

			`- name: Hacklab user`
			`user:`
			`name: hacklab`
			`password: "$6$KE4g5K18$qeK6I7/j78Ob6cDqoJRt1IzvQ34PpOi1/HSQ2oEjAf3h/7XtkS6DJ6pEW.zm8szJ3wzA0cJ0vbSRHf2pWKJFo/" # "hacklab"`
			`groups: cdrom,dip,plugdev,lpadmin,dialout,sudo`
			`comment: Hacklab`
			`shell: /bin/bash`

			`- name: Disable hacklab user authorized_keys`
			`file:`
			`path: /home/hacklab/.ssh/authorized_keys`
			`state: absent`

			`#- name: Disable lightdm guest`
			`# copy:`
			`# content: "[Seat:*]\nallow-guest=false\n"`
			`# dest: /etc/lightdm/lightdm.conf.d/50-no-guest.conf`
			`# owner: root`
			`# group: root`
			`# mode: 0644`