klips/ansible/roles/core/tasks/configure-ssh.yml

---
- name: Copy server MOTD
  template: src=files/motd dest=/etc/motd

- name: Install Yubico Authentication Module
  apt:
    name: libpam-yubico
    state: latest

- name: Configure PAM
  template: src=files/sshd dest=/etc/pam.d/sshd

- name: Add authusers file
  copy:
    dest: "/etc/authusers"
    content: |
      user1
      user2      

- name: Add authorized_yubikeys file
  copy:
    dest: "/etc/ssh/authorized_yubikeys"
    content: |
      user:cccckey1cccc:cccckey2cccc      

- name: Add custom /etc/hosts
  lineinfile:
    dest: /etc/hosts
    line: '{{ item }}'
  with_items:
    - '127.0.0.1 localhost'
    - '127.0.0.2 www.otherhost.com otherhost'

- name: Add SSH Keys
  lineinfile:
    dest: /home/ansible/.ssh/authorized_keys
    line: '{{ item }}'
  with_items:
    - 'ssh-idrsa AAZ1NTE5AAAAIA+ndydG+ddddpdddaabvbumkiuyk7778678676547564563434XwmnYb user@host'


- name: Copy ssh configuration file
  template: src=files/sshd_config dest=/etc/ssh/sshd_config
  notify:
  - restart ssh