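---
# Diagnose and repair SSH access on every host in the pve_cluster group.
#
# This playbook is not read-only. It ensures the ssh unit is started,
# rewrites ownership and mode on /root/.ssh and /root/.ssh/authorized_keys,
# and restarts the ssh unit at the end. The remaining tasks only collect
# and print diagnostics.
#
# NOTE(review): no `become` is set, yet every path is under /root, so the
# play presumably connects as root already. Confirm against the inventory.
- name: SSH Connection Debug and Fix
  hosts: pve_cluster
  gather_facts: true

  tasks:
    # `state: started` starts the unit when it is down, so despite the
    # task name this is an enforcing step, not a pure check.
    - name: Check SSH service status
      systemd:
        name: ssh
        state: started
      register: ssh_status

    - name: Display SSH service status
      debug:
        msg: "SSH Service: {{ ssh_status.status.ActiveState }}"

    # `sshd -T` prints the effective configuration. It changes nothing,
    # so it is never reported as changed; a failure is tolerated here and
    # handled by the guard on the display task below.
    - name: Check SSH configuration
      command: sshd -T
      register: sshd_config
      changed_when: false
      ignore_errors: true

    # Skipped when the dump failed, so an empty stdout is not printed as
    # if the settings were absent.
    # The PermitRootLogin pattern accepts any lowercase keyword rather
    # than a fixed list, so values such as forced-commands-only (and the
    # without-password spelling some OpenSSH builds print) still show up.
    - name: Display SSH configuration (key settings)
      debug:
        msg: |
          PasswordAuthentication: {{ sshd_config.stdout | regex_search('passwordauthentication (yes|no)') }}
          PubkeyAuthentication: {{ sshd_config.stdout | regex_search('pubkeyauthentication (yes|no)') }}
          PermitRootLogin: {{ sshd_config.stdout | regex_search('permitrootlogin [a-z-]+') }}
          MaxAuthTries: {{ sshd_config.stdout | regex_search('maxauthtries [0-9]+') }}
      when: sshd_config is succeeded

    - name: Check if authorized_keys file exists
      stat:
        path: /root/.ssh/authorized_keys
      register: authorized_keys_stat

    - name: Display authorized_keys status
      debug:
        msg: "Authorized keys file exists: {{ authorized_keys_stat.stat.exists }}"

    - name: Check authorized_keys permissions
      stat:
        path: /root/.ssh/authorized_keys
      register: authorized_keys_perm
      when: authorized_keys_stat.stat.exists

    - name: Display authorized_keys permissions
      debug:
        msg: "Authorized keys permissions: {{ authorized_keys_perm.stat.mode }}"
      when: authorized_keys_stat.stat.exists

    # The mode is a quoted string so it is not parsed as an integer.
    # 0600 root:root keeps the key list writable by root only.
    - name: Fix authorized_keys permissions
      file:
        path: /root/.ssh/authorized_keys
        mode: '0600'
        owner: root
        group: root
      when: authorized_keys_stat.stat.exists

    # `state: directory` is explicit so a host without /root/.ssh gets the
    # directory created with the right mode instead of failing the play
    # on a missing path.
    - name: Fix .ssh directory permissions
      file:
        path: /root/.ssh
        state: directory
        mode: '0700'
        owner: root
        group: root

    - name: Check SSH log for recent errors
      command: journalctl -u ssh -n 20 --no-pager
      register: ssh_logs
      changed_when: false
      ignore_errors: true

    # default([]) keeps this task from erroring when the log command
    # could not run and produced no stdout_lines.
    - name: Display recent SSH logs
      debug:
        msg: "{{ ssh_logs.stdout_lines | default([]) }}"

    # BatchMode=yes makes ssh fail instead of waiting on a password or
    # passphrase prompt that nobody can answer from a playbook run.
    # StrictHostKeyChecking=accept-new records a first-seen host key but
    # still rejects a changed one. The previous `no` setting accepted a
    # changed key, which would hide a known_hosts mismatch, one of the
    # faults this playbook is meant to surface.
    - name: Test SSH connection locally
      command: >-
        ssh -o BatchMode=yes -o ConnectTimeout=5
        -o StrictHostKeyChecking=accept-new
        root@localhost "echo 'SSH test successful'"
      register: ssh_local_test
      changed_when: false
      ignore_errors: true

    - name: Display SSH local test result
      debug:
        msg: "SSH local test: {{ 'SUCCESS' if ssh_local_test.rc == 0 else 'FAILED' }}"

    # NOTE(review): this runs on the managed host, so it lists keys only
    # if an agent is reachable there (for example through agent
    # forwarding). Confirm that this is the agent you mean to inspect.
    - name: Check SSH agent
      command: ssh-add -l
      register: ssh_agent_keys
      changed_when: false
      ignore_errors: true

    - name: Display SSH agent keys
      debug:
        msg: "SSH agent keys: {{ ssh_agent_keys.stdout_lines }}"
      when: ssh_agent_keys.rc == 0

    # `sshd -t` only parses the configuration and checks the host keys.
    # Errors are not ignored here: a failure stops the play for that host
    # before the restart, so sshd is never stopped with a configuration
    # it cannot start from again.
    - name: Validate sshd configuration before restart
      command: sshd -t
      changed_when: false

    - name: Restart SSH service
      systemd:
        name: ssh
        state: restarted
      register: ssh_restart

    - name: Display SSH restart result
      debug:
        msg: "SSH service restarted: {{ ssh_restart.changed }}"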