SSH security configuration and hardening for Raspberry Pi and Ubuntu systems.
- Ansible >= 2.9
- Target OS: Ubuntu 20.04+, Debian Bullseye+, Raspberry Pi OS
This role provides SSH security configuration including:
- SSH key setup and management
- SSH service configuration and hardening
- Optional firewall configuration (future)
- Optional fail2ban installation (future)
Available variables with their default values (see defaults/main.yml):
# SSH security
configure_ssh_keys: true
# SSH service
enable_ssh_service: true
# Future security features (currently disabled for testing)
configure_firewall: false
install_fail2ban: falseNone.
---
- hosts: raspberry_pi
become: true
roles:
- role: security
vars:
configure_ssh_keys: true
enable_ssh_service: trueAvailable tags for selective execution:
security- Run all security role tasksssh- SSH configuration only
# Configure SSH only
ansible-playbook playbook.yml --tags "ssh"
# Run all security tasks
ansible-playbook playbook.yml --tags "security"- Configures SSH key authentication
- Sets up SSH service
- Applies SSH hardening best practices
MIT
This role was created as part of a modular Ansible infrastructure for Raspberry Pi deployment.
Issues and pull requests are welcome at the repository URL.