vn-ansible/linux/base-config-debian/roles/hardnening-config-root-user/tasks/main.yaml

---

# delete default user , only on VM
- name: delete default user , only on VM
  user:
    name: "{{ name_user }}"
    state: absent
    remove: yes
  tags:
  - delete-user

# change root password
- name: change root password
  user:
    name: root
    password: "{{ ssh_password | password_hash('sha512') }}"

# config sshd_config file , no root password
- name: change sshd_config to no root password
  copy:
    src: /etc/ssh/sshd_config.orig
    dest: /etc/ssh/sshd_config
    owner: root
    group: root
    mode: '0644'

# delete file sshd_config.orig
- name: delete /etc/ssh/sshd_config.orig file
  file:
    path: /etc/ssh/sshd_config.orig
    state: absent
  notify: Restart ssh service