Error when using the ssh_hardening role #519

Closed
obvionaoe opened this issue Jan 10, 2022 · 4 comments

@obvionaoe

Describe the bug
I'm getting an error when using the ssh_hardening role from the collection. I don't know how to debug it since it gives an error from a temporary file.

Expected behavior
The role should run without any issues

Actual behavior

TASK [roles/ansible_collections/devsec/hardening/roles/ssh_hardening : Create sshd_config and set permissions to root/600] ***************************************************************************************************************************************************************
fatal: [main]: FAILED! => {"changed": false, "checksum": "d3469635fff016d9c8b4ae13264f7291a109683e", "exit_status": 255, "msg": "failed to validate", "stderr": "/root/.ansible/tmp/ansible-tmp-1641774009.653889-60739-3401062524539/source line 14: unsupported option \"True\".\r\n", "stderr_lines": ["/root/.ansible/tmp/ansible-tmp-1641774009.653889-60739-3401062524539/source line 14: unsupported option \"True\"."], "stdout": "", "stdout_lines": []}

Example Playbook

- hosts: all
  become: true
  tasks:
    - name: SSH Hardening
      include_role:
        name: roles/ansible_collections/devsec/hardening/roles/ssh_hardening
      vars:
        network_ipv6_enable: false
        ssh_permit_root_login: yes

OS / Environment

Ubuntu 20.04

Ansible Version

ansible [core 2.12.1]
  config file = $HOME/projects/personal/ansible/playbooks/server/ansible.cfg
  configured module search path = ['$HOME/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.10/site-packages/ansible
  ansible collection location = $HOME/projects/personal/ansible/playbooks/server/roles
  executable location = /usr/bin/ansible
  python version = 3.10.1 (main, Dec 18 2021, 23:53:45) [GCC 11.1.0]
  jinja version = 3.0.3
  libyaml = True

Role Version

7.14.0

Additional context
Add any other context about the problem here.

@rndmh3ro
Member

Please see the documentation:

ssh_permit_root_login

    Default: no
    Description: Disable root-login. Set to 'without-password' or 'yes' to enable root-login - The quotes are required!

You need to use quotes:

- hosts: all
  become: true
  tasks:
    - name: SSH Hardening
      include_role:
        name: roles/ansible_collections/devsec/hardening/roles/ssh_hardening
      vars:
        network_ipv6_enable: false
        ssh_permit_root_login: "yes"

@obvionaoe
Author

Well this worked before without quotes... Thanks!

@rndmh3ro
Member

You're right, it did work on an older version. But since the permit root option takes other values besides yes and no, it was changed to a string.

@obvionaoe
Author

Gotcha! Thanks
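
Added example, not part of the original thread or the role's own code: a line-based check for the failure discussed above, where YAML parses an unquoted `yes` as the boolean `True` and the value reaches `sshd_config` as `PermitRootLogin True`. The function names are hypothetical, and rendering the parsed value with `str()` is an assumption consistent with the `unsupported option "True"` error in the report.

```python
import re

# Plain scalars that PyYAML, the YAML parser Ansible uses, resolves to booleans.
YAML_BOOL = re.compile(
    r"^(yes|Yes|YES|no|No|NO|true|True|TRUE|false|False|FALSE|on|On|ON|off|Off|OFF)$")
# Values sshd accepts for PermitRootLogin per sshd_config(5); 'without-password'
# is the deprecated alias of 'prohibit-password'.
PERMIT_ROOT_LOGIN = {"yes", "no", "prohibit-password", "without-password",
                     "forced-commands-only"}
KEY_VALUE = re.compile(r"^\s*(?:-\s+)?(\w+):\s*(.*?)\s*$")

# The playbook from the report, and the same playbook with the value quoted.
BROKEN = """\
- hosts: all
  become: true
  tasks:
    - name: SSH Hardening
      include_role:
        name: roles/ansible_collections/devsec/hardening/roles/ssh_hardening
      vars:
        network_ipv6_enable: false
        ssh_permit_root_login: yes
"""
FIXED = BROKEN.replace("ssh_permit_root_login: yes", 'ssh_permit_root_login: "yes"')


def find_bool_coercions(playbook_text, string_vars):
    """Hypothetical helper: return (line_no, key, raw, parsed_as) for each
    variable in string_vars whose unquoted value YAML turns into a boolean.
    This is a line-based scan, not a full YAML parser."""
    findings = []
    for line_no, line in enumerate(playbook_text.splitlines(), start=1):
        match = KEY_VALUE.match(line)
        if not match or match.group(1) not in string_vars:
            continue
        raw = re.split(r"\s+#", match.group(2), maxsplit=1)[0]  # drop trailing comment
        if YAML_BOOL.match(raw):
            parsed = raw.lower() in ("yes", "true", "on")
            findings.append((line_no, match.group(1), raw, parsed))
    return findings


def rendered_directive(value):
    """Assumption: the parsed value is written out via str(). Returns the
    resulting directive and whether sshd would accept that value."""
    text = str(value)
    return f"PermitRootLogin {text}", text in PERMIT_ROOT_LOGIN


if __name__ == "__main__":
    print(find_bool_coercions(BROKEN, {"ssh_permit_root_login"}))
    print(rendered_directive(True), rendered_directive("yes"))
```

Running a check like this over playbooks before an upgrade flags variables that a role has changed from boolean to string, before `sshd -t` validation fails on the target host.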
