Commit b0488e8

ssh: explicitly enable or disable the service at boot (#771)
Signed-off-by: Sevan Murriguian-Watrin <[email protected]>
1 parent 19ca997 commit b0488e8

2 files changed

+9
-1
lines changed

roles/ssh_hardening/defaults/main.yml

Lines changed: 4 additions & 1 deletion
@@ -6,9 +6,12 @@ network_ipv6_enable: true # sshd + ssh
66
ssh_client_config_file: /etc/ssh/ssh_config # ssh
77
ssh_server_config_file: /etc/ssh/sshd_config # sshd
88

9-
# true if sshd should be started and enabled
9+
# true if sshd should be started
1010
ssh_server_enabled: true # sshd
1111

12+
# true if sshd should be enabled at boot
13+
ssh_server_service_enabled: true # sshd
14+
1215
# true if DNS resolutions are needed, look up the remote host name,
1316
# defaults to false from 6.8, see: http://www.openssh.com/txt/release-6.8
1417
ssh_use_dns: false # sshd
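
Review bot: `ssh_server_service_enabled` defaults to a literal `true` while the comment on `ssh_server_enabled` is narrowed from "started and enabled" to "started", so an inventory that sets `ssh_server_enabled: false` on the strength of the old wording now leaves sshd enabled at boot unless the new variable is overridden as well. Consider defaulting the new variable to `"{{ ssh_server_enabled }}"` so existing settings keep their documented meaning, or call out the split in the changelog. The two names are also close enough that each comment should say explicitly which one governs running state and which governs boot-time enablement.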

roles/ssh_hardening/tasks/hardening.yml

Lines changed: 5 additions & 0 deletions
@@ -144,3 +144,8 @@
144144
when:
145145
- sshd_disable_crypto_policy | bool
146146
- ('crypto-policies' in ansible_facts.packages)
147+
148+
- name: Enable or disable sshd service
149+
ansible.builtin.service:
150+
name: "{{ sshd_service_name }}"
151+
enabled: "{{ ssh_server_service_enabled }}"
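
Review bot: `enabled: "{{ ssh_server_service_enabled }}"` passes the variable without `| bool`, unlike the `sshd_disable_crypto_policy | bool` condition directly above it; adding the filter keeps the role's toggles consistent and makes the intent explicit when the value arrives as a string. The task also sets only `enabled` and carries no `when`, so a short comment noting that running state is governed by `ssh_server_enabled` would help readers who expect a single task to cover both start and boot behaviour.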
