From af716be0b08f8ea49fb18b1a87a20e9353d2e472 Mon Sep 17 00:00:00 2001
From: transatoshi <transatoshi@x225.grinminer.net>
Date: Sat, 11 Jan 2025 19:20:19 -0800
Subject: [PATCH] updated ssh-hardening.yml

---
 ansible/ssh-hardening.yml | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/ansible/ssh-hardening.yml b/ansible/ssh-hardening.yml
index 5b6c038..7826ece 100644
--- a/ansible/ssh-hardening.yml
+++ b/ansible/ssh-hardening.yml
@@ -22,14 +22,21 @@
   - name: Replace PermitRootLogin 
     ansible.builtin.replace:
       path: /etc/ssh/sshd_config
-      regexp: PermitRootLogin yes
-      replace: PermitRootLogin prohibit-password
+      regexp: 'PermitRootLogin yes'
+      replace: 'PermitRootLogin prohibit-password'
 
   - name: Replace PasswordAuthentication
     ansible.builtin.replace:
       path: /etc/ssh/sshd_config
-      regexp: PasswordAuthentication yes
-      replace: PasswordAuthentication no    
+      regexp: '#PasswordAuthentication yes'
+      replace: 'PasswordAuthentication no' 
+
+  - name: Replace PasswordAuthentication
+    ansible.builtin.replace:
+      path: /etc/ssh/sshd_config
+      regexp: 'PasswordAuthentication yes'
+      replace: 'PasswordAuthentication no' 
+
 
   - name: Restart SSH
     ansible.builtin.shell: