From 0f2f251ed1f235b9e7254ee4f3807e1bc37f6053 Mon Sep 17 00:00:00 2001
From: Emmanuel Cohen <atmaniak@gmail.com>
Date: Tue, 11 Aug 2020 09:30:41 +0200
Subject: [PATCH] Fix for OVH's ssh configuration

---
 roles/sysconfig/handlers/main.yml |  5 +++++
 roles/sysconfig/tasks/main.yml    | 13 +++++++++++++
 2 files changed, 18 insertions(+)

diff --git a/roles/sysconfig/handlers/main.yml b/roles/sysconfig/handlers/main.yml
index ee9f0c9a..8a44608f 100644
--- a/roles/sysconfig/handlers/main.yml
+++ b/roles/sysconfig/handlers/main.yml
@@ -12,6 +12,11 @@
     name: cron
     state: restarted
 
+- name: restart sshd
+  service:
+    name: sshd
+    state: restarted
+
 - name: update cache
   apt:
     force_apt_get: true
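Review bot: The new `restart sshd` handler names the service `sshd`, but this role manages apt-based hosts, where the OpenSSH unit is normally called `ssh` and `sshd` resolves only if the alias is installed. Confirm this on the target image or use `name: ssh`. The handler also restarts the daemon with whatever is in `/etc/ssh/sshd_config` at that moment, so a malformed edit could cut off remote access; the config should be validated by the task that notifies this handler.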
diff --git a/roles/sysconfig/tasks/main.yml b/roles/sysconfig/tasks/main.yml
index fbc1a345..4b0dbe36 100644
--- a/roles/sysconfig/tasks/main.yml
+++ b/roles/sysconfig/tasks/main.yml
@@ -20,6 +20,19 @@
       APT::Periodic::Update-Package-Lists "1";
       APT::Periodic::Unattended-Upgrade "1";
 
+- name: enable root login via ssh with key
+  replace:
+    dest: /etc/ssh/sshd_config
+    regexp: '^#PermitRootLogin (yes|without-password|prohibit-password)'
+    replace: "PermitRootLogin without-password"
+  notify: restart sshd
+
+- name: remove disabled root login
+  replace:
+    dest: /root/.ssh/authorized_keys
+    regexp: "^no-port-forwarding,(.+) ssh-"
+    replace: "ssh-"
+
 # FIREWALL
 
 - name: firewall
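Review bot: The `remove disabled root login` task strips the option prefix from every line of `/root/.ssh/authorized_keys` that starts with `no-port-forwarding,`. Any key the image shipped with those restrictions (presumably a forced command plus no-pty and similar options) therefore becomes an unrestricted root key, not only the key meant for deployment. Managing the single intended key explicitly, for example with the `authorized_key` module for user `root`, would leave the other entries restricted. The pattern also misses `ecdsa-sha2-*` keys, and its greedy `(.+)` can run past the key type when a key comment contains ` ssh-`. In the `enable root login via ssh with key` task, the regexp matches only a commented-out `#PermitRootLogin` line, so an active `PermitRootLogin no` stays in effect, and `without-password` is the deprecated spelling of `prohibit-password`. Adding `validate: '/usr/sbin/sshd -t -f %s'` to that task would keep a broken config from reaching the restart handler.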
-- 
GitLab