ssh daemon restart - question
eleaner opened this issue · comments
Hi,
It's more a question than an issue actually.
I am struggling with a bunch of VPS at different providers I was managing by hand until now and thanks to your blog I try to simplify my life with Ansible.
My deploy user already exists, so I had to switch off "Add deploy user" and "Add authorised keys..".
At the moment I merely commented them out, although I suppose there must be a better way to do it.
I see my root pass changed, packages installed and my ssh port shifted, etc.,
but the ssh daemon still runs on 22. I think that it makes sense as the primary connection for Ansible.
Is the role supposed to restart the ssh daemon eventually or is it a manual task?
Hi,
My deploy user already exists, so I had to switch off "Add deploy user" and "Add authorised keys..".
-> But why? ;-) The task just checks if the user exists and if it's already there then it will leave the user basically untouched (uid, shell, and so on should of course match, otherwise the task will adjust the user setting). So if you set the variables harden_linux_deploy_user, harden_linux_deploy_user_password, harden_linux_deploy_user_uid, harden_linux_deploy_user_shell and harden_linux_deploy_user_home as your current deploy user you should be fine.
Regarding SSH: The task will restart ssh daemon (see https://github.com/githubixx/ansible-role-harden-linux/blob/master/tasks/main.yml#L85) if a setting specified in harden_linux_sshd_settings changed.
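
The restart-on-change behaviour described in the reply above is Ansible's notify/handler pattern. The playbook below is an added example, not part of the thread and not the role's own tasks/main.yml; the variable names sshd_settings_example and sshd_port_example, their regex-to-line layout and the sample values are assumptions made for illustration.

```yaml
# Added example: restart sshd only when a managed sshd_config line changed.
# Not the role's code; variable names and values below are hypothetical.
- hosts: all
  become: true
  vars:
    sshd_port_example: 22                      # constructed sample value
    sshd_settings_example:                     # assumed layout: regex -> line
      "^#?Port ": "Port {{ sshd_port_example }}"
      "^#?PermitRootLogin": "PermitRootLogin no"
      "^#?PasswordAuthentication": "PasswordAuthentication no"

  tasks:
    - name: Ensure sshd_config lines match the desired settings
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: "{{ item.key }}"
        line: "{{ item.value }}"
        # Reject the edit if sshd cannot parse the resulting file.
        validate: "/usr/sbin/sshd -t -f %s"
      loop: "{{ sshd_settings_example | dict2items }}"
      # The handler is queued only when at least one line was changed.
      notify: Restart ssh

    - name: Run queued handlers now instead of at the end of the play
      ansible.builtin.meta: flush_handlers

    - name: Check that sshd is listening on the configured port
      ansible.builtin.wait_for:
        host: 127.0.0.1                        # checked on the managed host
        port: "{{ sshd_port_example }}"
        timeout: 10

  handlers:
    - name: Restart ssh
      ansible.builtin.service:
        name: ssh                              # "sshd" on RHEL-family hosts
        state: restarted
```

On a run where every line already matches, lineinfile reports "ok", nothing is notified and sshd keeps running untouched. If the Port value is changed, the inventory's ansible_port has to be updated for later runs.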