From 355371af1047c2de9edfdeee44c2bfe6667ba1ac Mon Sep 17 00:00:00 2001
From: Brian Lee <blee@satstack.cloud>
Date: Mon, 20 May 2024 22:37:33 -0700
Subject: [PATCH] Disable plaintext ssh auth.

---
 tasks/main.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/tasks/main.yml b/tasks/main.yml
index 5e21726..461bb6e 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -31,5 +31,13 @@
     state: present
   notify: restart ssh
 
+- name: Disable plaintext password authentication
+  ansible.builtin.lineinfile:
+    path: /etc/ssh/sshd_config
+    regex: 'PasswordAuthentication'
+    line: 'PasswordAuthentication no'
+    state: present
+  notify: restart ssh
+
 - name: "Set up {{ ansible_os_family }}-based systems"
   include_tasks: "setup-{{ ansible_os_family }}.yml"