- hosts: all remote_user: root tasks: - name: Install fail2ban ansible.builtin.apt: pkg: - fail2ban state: latest update_cache: yes - name: Copy fail2ban jail ansible.builtin.copy: src: /etc/fail2ban/jail.conf dest: /etc/fail2ban/jail.local - name: Enable fail2ban ansible.builtin.shell: cmd: systemctl enable fail2ban cmd: systemctl start fail2ban - name: Replace PermitRootLogin ansible.builtin.replace: path: /etc/ssh/sshd_config regexp: 'PermitRootLogin yes' replace: 'PermitRootLogin prohibit-password' - name: Replace PasswordAuthentication ansible.builtin.replace: path: /etc/ssh/sshd_config regexp: '#PasswordAuthentication yes' replace: 'PasswordAuthentication no' - name: Replace PasswordAuthentication ansible.builtin.replace: path: /etc/ssh/sshd_config regexp: 'PasswordAuthentication yes' replace: 'PasswordAuthentication no' - name: Restart SSH ansible.builtin.shell: cmd: systemctl restart ssh