From a217f32c28999f6798442bc2b721900859dca766 Mon Sep 17 00:00:00 2001
From: Aaron LI <aly@aaronly.me>
Date: Thu, 19 Sep 2019 10:03:37 +0800
Subject: bootstrap: Disable password login for SSH

---
 roles/bootstrap/tasks/main.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/roles/bootstrap/tasks/main.yml b/roles/bootstrap/tasks/main.yml
index 24f4c82..806902d 100644
--- a/roles/bootstrap/tasks/main.yml
+++ b/roles/bootstrap/tasks/main.yml
@@ -59,6 +59,14 @@
     validate: "sshd -t -f %s"
   notify: restart-sshd
 
+- name: SSH - disable password login
+  lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: "^#?PasswordAuthentication"
+    line: "PasswordAuthentication no"
+    validate: "sshd -t -f %s"
+  notify: restart-sshd
+
 - name: SSH - disable empty password login
   lineinfile:
     path: /etc/ssh/sshd_config
-- 
cgit v1.2.2