Ansible - Bootstrap VM setup and lockdown SSH

The Playbook

(missing playbook! sorry I need to dig it out from somewhere and put it here!)

Run it!

Run the playbook:

[[email protected] ansible]# ansible-playbook -i hosts playbooks/bootstrap.yml --user root --ask-pass
SSH password:

Output:

PLAY [all] *******************************************************************************************************************************************************************

TASK [Gathering Facts] *******************************************************************************************************************************************************
ok: [jenkins.darksyde.net]

TASK [Change root password] **************************************************************************************************************************************************
ok: [jenkins.darksyde.net]

TASK [Add user remote] *******************************************************************************************************************************************************
changed: [jenkins.darksyde.net]

TASK [Add SSH public key to user remote] *************************************************************************************************************************************
changed: [jenkins.darksyde.net]

TASK [Add remote user to sudoers] ********************************************************************************************************************************************
changed: [jenkins.darksyde.net]

TASK [Disallow root SSH access] **********************************************************************************************************************************************
changed: [jenkins.darksyde.net]

TASK [Disallow SSH password authentication] **********************************************************************************************************************************
changed: [jenkins.darksyde.net]

TASK [Disallow SSH GSS API authentication] ***********************************************************************************************************************************
changed: [jenkins.darksyde.net]

RUNNING HANDLER [restart sshd] ***********************************************************************************************************************************************
changed: [jenkins.darksyde.net]

PLAY RECAP *******************************************************************************************************************************************************************
jenkins.darksyde.net       : ok=9    changed=7    unreachable=0    failed=0
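
The task names in the run above are enough to sketch what such a playbook does. The following is an added example, not the author's missing playbook: the modules chosen, the `remote.pub` key file, the `root_password_hash` variable and the sudoers rule are all assumptions.

```yaml
---
# Added example, NOT the author's playbook. Task names are taken from the run
# output; modules, file names and the sudoers rule are assumptions.
- hosts: all
  tasks:
    - name: Change root password
      ansible.builtin.user:
        name: root
        password: "{{ root_password_hash }}"  # assumed var: crypt(3) hash from Ansible Vault
      no_log: true
    - name: Add user remote
      ansible.builtin.user:
        name: remote
    - name: Add SSH public key to user remote
      ansible.posix.authorized_key:
        user: remote
        key: "{{ lookup('file', 'remote.pub') }}"  # hypothetical file in playbooks/files/
    - name: Add remote user to sudoers
      ansible.builtin.copy:
        dest: /etc/sudoers.d/remote
        content: "remote ALL=(ALL) NOPASSWD: ALL\n"  # assumption: key-only account, no password
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s
    - name: Disallow root SSH access
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*PermitRootLogin\s'
        line: PermitRootLogin no
        validate: /usr/sbin/sshd -t -f %s  # refuse to write a config sshd cannot parse
      notify: restart sshd
    - name: Disallow SSH password authentication
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*PasswordAuthentication\s'
        line: PasswordAuthentication no
        validate: /usr/sbin/sshd -t -f %s
      notify: restart sshd
    - name: Disallow SSH GSS API authentication
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*GSSAPIAuthentication\s'
        line: GSSAPIAuthentication no
        validate: /usr/sbin/sshd -t -f %s
      notify: restart sshd
  handlers:
    - name: restart sshd
      ansible.builtin.service:
        name: sshd
        state: restarted
```

Keep the original root session open until a key-based login as `remote` has been confirmed in a second terminal, since the handler restarts sshd with root and password logins already disabled. Running `sshd -T` on the host afterwards prints the effective values of the three directives.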

Log in with the new ‘remote’ user

Log in as the new user ‘remote’:

[[email protected] ansible]# ssh [email protected]
The authenticity of host 'jenkins (172.16.20.11)' can't be established.
ECDSA key fingerprint is SHA256:UdBTuvTZKdwB9eF+DPX6VZN5F1T8ZvESQ80+W/gcynM.
ECDSA key fingerprint is MD5:58:9e:c0:2a:50:d3:68:31:fc:35:ef:a5:27:a0:1e:ca.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'jenkins' (ECDSA) to the list of known hosts.
[[email protected] ~]$ ls
