githubixx / ansible-role-harden-linux

Ansible role for hardening Linux

Home Page: https://www.tauceti.blog/post/kubernetes-the-not-so-hard-way-with-ansible-harden-the-instances/

ssh daemon restart - question

eleaner opened this issue · comments

Hi,

It's more a question than an issue actually.
I am struggling with a bunch of VPS at different providers I was managing by hand until now, and thanks to your blog I try to simplify my life with Ansible.

My deploy user already exists, so I had to switch off "Add deploy user" and "Add authorised keys..".
At the moment I merely commented them out, although I suppose there must be a better way to do it.
I see my root pass changed, packages installed and my ssh port shifted, etc.
But the ssh daemon still runs on 22. I think that it makes sense as the primary connection for Ansible.
Is the role supposed to restart the ssh daemon eventually or is it a manual task?

Hi,

My deploy user already exists, so I had to switch off "Add deploy user" and "Add authorised keys..". -> But why? ;-) The task just checks if the user exists, and if it's already there then it will leave the user basically untouched (uid, shell, and so on should of course match, otherwise the task will adjust the user setting). So if you set the variables harden_linux_deploy_user, harden_linux_deploy_user_password, harden_linux_deploy_user_uid, harden_linux_deploy_user_shell and harden_linux_deploy_user_home as your current deploy user you should be fine.

Regarding SSH: The task will restart the ssh daemon (see https://github.com/githubixx/ansible-role-harden-linux/blob/master/tasks/main.yml#L85) if a setting specified in harden_linux_sshd_settings changed.
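
The situation in the question (new port written to sshd_config, daemon still listening on 22) can be checked after a run by comparing the configured `Port` lines with the sockets sshd actually holds. This is an added example, not part of the thread or of the role's code; the function names, port 22222 and the sample `ss -H -tlnp` output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: detect drift between sshd_config and the running sshd.
# On a live host, feed it "$(cat /etc/ssh/sshd_config)" and "$(ss -H -tlnp)".

# Constructed sshd_config excerpt, as it might look after the role ran.
SAMPLE_CONFIG='#Port 22
Port 22222
PermitRootLogin no
PasswordAuthentication no'

# Constructed `ss -H -tlnp` output: daemon not restarted yet.
SAMPLE_SS_STALE='LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=812,fd=4))
LISTEN 0 511 127.0.0.1:8080 0.0.0.0:* users:(("nginx",pid=901,fd=6))'

# Constructed `ss -H -tlnp` output: daemon restarted on the new port.
SAMPLE_SS_FRESH='LISTEN 0 128 0.0.0.0:22222 0.0.0.0:* users:(("sshd",pid=1377,fd=3))
LISTEN 0 128 [::]:22222 [::]:* users:(("sshd",pid=1377,fd=4))'

# stdin: sshd_config text. Prints every active Port value; OpenSSH
# defaults to 22 when no Port line is set. Commented lines are skipped.
configured_ports() {
  awk 'tolower($1) == "port" { print $2; found = 1 }
       END { if (!found) print 22 }'
}

# stdin: `ss -H -tlnp` output. Prints the unique ports owned by sshd.
# The port is whatever follows the last ":" of the local address column.
listening_ports() {
  awk '/"sshd"/ { n = split($4, a, ":"); print a[n] }' | sort -un
}

# $1 = sshd_config text, $2 = ss output. Returns 0 when both sides agree.
check_drift() {
  cd_want=$(printf '%s\n' "$1" | configured_ports | sort -un | xargs)
  cd_have=$(printf '%s\n' "$2" | listening_ports | xargs)
  if [ "$cd_want" = "$cd_have" ]; then
    echo "ok: sshd listens on configured port(s): $cd_want"
    return 0
  fi
  echo "drift: config says [$cd_want], daemon listens on [$cd_have]"
  return 1
}

check_drift "$SAMPLE_CONFIG" "$SAMPLE_SS_STALE" || true   # reports drift
check_drift "$SAMPLE_CONFIG" "$SAMPLE_SS_FRESH"           # reports ok
```

`ss -p` only shows process names to root, and on hosts where systemd socket activation holds the listening socket the owner is not `sshd`, so the match in `listening_ports` needs adjusting there.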