-
Notifications
You must be signed in to change notification settings - Fork 0
/
ssh.yml
92 lines (75 loc) · 3.69 KB
/
ssh.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
- name: Prepare the sshd`for ansible
connection: local
gather_facts: false
hosts: localhost
vars:
adb_executable: "/usr/bin/adb"
shell_command: "{{ adb_executable }} shell"
sshd_path: "/system/etc/ssh/sshd_config"
authorized_keys_path: "/data/ssh/authorized_keys"
tmp_file: "/data/local/tmp/auth.tmp"
exists_string: "Key already installed"
tasks:
- name: Restart adb as root
shell: "{{ adb_executable }} root"
register: adb_root
failed_when: "\"unable to connect\" in adb_root.stderr"
- name: Remount system partition as read-write
shell: "{{ shell_command }} mount -o rw,remount /system"
register: adb_remount
failed_when: adb_remount.stderr != ""
- name: Sed PasswordAuthentication in sshd
shell: "{{ shell_command }} sed -ir \"s/\\(#\\)?PasswordAuthentication\\ \\(yes\\|no\\)/PasswordAuthentication\\ no/g\" {{ sshd_path }}"
register: sed_out
failed_when: sed_out.stderr != ""
- name: Sed PermitRootLogin in sshd
shell: "{{ shell_command }} sed -ir \"s/\\(#\\)?PermitRootLogin\\ \\(yes\\|no\\)/PermitRootLogin\\ yes/g\" {{ sshd_path }}"
register: sed_out
failed_when: sed_out.stderr != ""
- name: Sed PermitEmptyPassword in sshd
shell: "{{ shell_command }} sed -ir \"s/\\(#\\)?PermitEmptyPasswords\\ \\(yes\\|no\\)/PermitEmptyPasswords\\ no/g\" {{ sshd_path }}"
register: sed_out
failed_when: sed_out.stderr != ""
- name: Sed ChallengeResposnseAuthentication in sshd
shell: "{{ shell_command }} sed -ir \"s/\\(#\\)?ChallengeResponseAuthentication\\ \\(yes\\|no\\)/ChallengeResponseAuthentication\\ no/g\" {{ sshd_path }}"
register: sed_out
failed_when: sed_out.stderr != ""
- name: Sed PubkeyAuthentication in sshd
shell: "{{ shell_command }} sed -ir \"s/\\(#\\)?PubkeyAuthentication\\ \\(yes\\|no\\)/PubkeyAuthentication\\ yes/g\" {{ sshd_path }}"
register: sed_out
failed_when: sed_out.stderr != ""
- name: Sed sftp-subystem in sshd
shell: "{{ shell_command }} sed -ir \"s\\;/usr/libexec/sftp-server\\;internal-sftp\\;g\" {{ sshd_path }}"
register: sed_out
failed_when: sed_out.stderr != ""
- name: Sed remove \\# from Subsytem
shell: "{{ shell_command }} sed -ir \"s/#Subsystem/Subystem/g\" {{ sshd_path }}"
register: sed_out
failed_when: sed_out.stderr != ""
- name: Push public key to tmp-directory
shell: "{{ adb_executable }} push ~/.ssh/id_rsa.pub {{ tmp_file }}"
register: tmp
failed_when: tmp.stderr != ""
- name: Check if authorized_keys exists
shell: "{{ shell_command }} test -f {{ authorized_keys_path }}"
register: file_exists
ignore_errors: yes
- name: Check if key exists in authorized_keys
shell: "{{ shell_command }} \"if grep -q -f {{ tmp_file }} {{ authorized_keys_path }}; then echo {{ exists_string | quote }}; fi\""
register: auth_check
failed_when: auth_check.stderr != ""
when: file_exists.rc == 0
- name: Append key to authorized_keys
shell: "{{ shell_command }} \"cat {{ tmp_file }} >> {{ authorized_keys_path }}\""
when: auth_check is not defined or auth_check.stdout is not defined or auth_check.stdout is not search(exists_string)
- name: Remove tmp_file
shell: "{{ shell_command }} rm {{ tmp_file }}"
- name: Check if ssh is running
shell: "{{ shell_command }} pgrep sshd"
register: ssh_status
ignore_errors: yes
- name: Kill all running sshd-processes
shell: "{{ shell_command }} killall -9 sshd"
when: ssh_status.rc == 0
- name: Start ssh demon and generate missing keys
shell: "{{ shell_command }} /system/bin/start-ssh &"