From a4623e0bd59664f22e8210c6f2741dec5df5a999 Mon Sep 17 00:00:00 2001
From: rubenb
Date: Thu, 26 Oct 2023 12:59:31 +0200
Subject: [PATCH] without sshd_config and delete authorized_keys
---
 roles/config-root-user/tasks/main.yaml | 20 ++++++++++++--------
 roles/config-root-user/vars/main.yaml | 1 +
 2 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/roles/config-root-user/tasks/main.yaml b/roles/config-root-user/tasks/main.yaml
index 5658868..9efa9a4 100644
--- a/roles/config-root-user/tasks/main.yaml
+++ b/roles/config-root-user/tasks/main.yaml
@@ -18,16 +18,20 @@
 name: root
 password: "{{ ssh_password | password_hash('sha512') }}"
 #++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-
+# delete root ssh pub key in Authorized_keys
+- name: delete ssh pub key in /root/.ssh/authorized_keys
+ file:
+ path: "{{ root_authorized_keys }}"
+ state: absent
 #++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 # config sshd_config file , no root password
-- name: change sshd_config to no root password
- lineinfile:
- path: "{{ path_sshd_config_file }}"
- regexp: "PermitRootLogin yes"
- line: "#PermitRootLogin prohibit-password"
- state: present
- notify: Restart ssh service
+#- name: change sshd_config to no root password
+# lineinfile:
+# path: "{{ path_sshd_config_file }}"
+# regexp: "PermitRootLogin yes"
+# line: "#PermitRootLogin prohibit-password"
+# state: present
+# notify: Restart ssh service
 #++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 # service should start on boot.
 - name: service should start on boot
diff --git a/roles/config-root-user/vars/main.yaml b/roles/config-root-user/vars/main.yaml
index 50bf8fc..a06d938 100644
--- a/roles/config-root-user/vars/main.yaml
+++ b/roles/config-root-user/vars/main.yaml
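Review bot: In roles/config-root-user/tasks/main.yaml the new `file` task with `state: absent` removes root's `authorized_keys` while the `lineinfile` task that rewrote `PermitRootLogin yes` is commented out, so after this change nothing in the visible tasks manages how root may log in over SSH. Together with the root password set from `ssh_password` in the context above, a host whose sshd_config still contains `PermitRootLogin yes` ends up accepting only password logins for root, and a host without that line probably loses root SSH access altogether; if the play itself connects as root by key, later runs may fail as well (the inventory is not visible here). I would say which end state is intended in a comment above the new task, e.g. `# root key login is removed on purpose; access is by password only`, and manage `PermitRootLogin` explicitly rather than leaving it to whatever the image ships. The seven commented-out lines are better deleted than kept as dead YAML, since git history already holds the old task.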
@@ -2,6 +2,7 @@
 ssh_daemon: ssh
 path_sshd_config_file: /etc/ssh/sshd_config
 path_bashrc_root: /root/.bashrc
+root_authorized_keys: /root/.ssh/authorized_keys
 export_LS_OPTIONS: export LS_OPTIONS='--color=auto'
 eval_dircolors: eval "$(dircolors)"
 alias_ls: alias ls='ls $LS_OPTIONS'