From 6c83c3f715ed9b38108ec729f95c8e63350339c0 Mon Sep 17 00:00:00 2001
From: Vital Kudzelka
Date: Tue, 29 Jul 2014 17:58:51 +0300
Subject: [PATCH] Validate ssh config before applying any changes

---
 tasks/main.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/tasks/main.yml b/tasks/main.yml
index 495afff..7da9c45 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -6,18 +6,18 @@
   when: ssh_identity_key is defined and ssh_user is defined
 
 - name: Disable empty password login
-  lineinfile: dest={{ sshd_config }} regexp="^#?PermitEmptyPasswords" line="PermitEmptyPasswords no"
+  lineinfile: dest={{ sshd_config }} regexp="^#?PermitEmptyPasswords" line="PermitEmptyPasswords no" validate="sshd -t -f %s"
   notify: restart sshd
 
 - name: Disable remote root login
-  lineinfile: dest={{ sshd_config }} regexp="^#?PermitRootLogin" line="PermitRootLogin no"
+  lineinfile: dest={{ sshd_config }} regexp="^#?PermitRootLogin" line="PermitRootLogin no" validate="sshd -t -f %s"
   notify: restart sshd
 
 - name: Disable password login
-  lineinfile: dest={{ sshd_config }} regexp="^#?PasswordAuthentication" line="PasswordAuthentication no"
+  lineinfile: dest={{ sshd_config }} regexp="^#?PasswordAuthentication" line="PasswordAuthentication no" validate="sshd -t -f %s"
   when: add_identity_key|success and not add_identity_key|skipped
   notify: restart sshd
 
 - name: Enable PAM
-  lineinfile: dest={{ sshd_config }} regexp="^#?UsePAM" line="UsePAM yes"
+  lineinfile: dest={{ sshd_config }} regexp="^#?UsePAM" line="UsePAM yes" validate="sshd -t -f %s"
   notify: restart sshd
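Review bot: The `validate="sshd -t -f %s"` added to the four `lineinfile` tasks runs `sshd` by bare name, so the check depends on the PATH of the remote Ansible session, which may not include the sbin directory on every host and is not something a privileged config check should rely on. Consider an absolute path, for example `validate="/usr/sbin/sshd -t -f %s"`; the location varies by distribution, so a role variable alongside `sshd_config` may fit better. Note also that `sshd -t` only proves the candidate file parses, so it does not stop a syntactically valid change from locking out access; the `when:` guard on the password-login task remains the real safeguard and deserves a comment such as `# only after the identity key was actually installed`. The first context line (`when: ssh_identity_key ...`) belongs to a task that starts outside this hunk.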