I'm working with my vendor to set up Ansible to harden my AIX servers. I was informed that Ansible requires logging in as root via SSH to perform the task, which means sshd_config has to enable permitrootlogin, even though setting "permitrootlogin no" is one item in the hardening checklist. The vendor's proposed solution is either to set root without a password and authenticate via public/private key, or to install the sudo rpm on the box (AIX doesn't come with sudo by default). They don't recommend the latter method because IBM is not going to support it, and because of vulnerabilities that could be found in it. I'm not an AIX expert and thus would like to know whether the claims are true.
Wanting to keep the hardening checklist intact, I'm exploring other alternatives and found "become" in the Ansible docs here <https://docs.ansible.com/ansible/2.5/user_guide/become.html>. Can this be the solution to retain "permitrootlogin no" on the server? Or else, how is everyone handling this? Thanks!
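
The setup asked about above, as an added example that is not part of the original post: Ansible connects over SSH as an unprivileged account and escalates with `become`, so `PermitRootLogin no` stays in place. The group name `aix_servers`, the account `ansadm`, the file paths, the choice of `su` as the become method (because sudo is not installed) and the `sshd` SRC subsystem name are assumptions.

```yaml
# Added example; names below are assumptions, not from the original post.
# Run with: ansible-playbook -i inventory harden_sshd.yml --ask-become-pass
# (--ask-become-pass prompts once for the password su needs on the target)
- hosts: aix_servers            # hypothetical inventory group
  remote_user: ansadm           # hypothetical unprivileged SSH login account
  gather_facts: no
  become: yes
  become_method: su             # su is present on AIX; sudo is not by default
  become_user: root

  tasks:
    # The SSH login was non-root; this proves the tasks themselves run as root.
    - name: Confirm privilege escalation worked
      command: id -u
      register: uid
      changed_when: false
      failed_when: uid.stdout != "0"

    # Enforce the checklist item. The candidate file is syntax-checked by
    # sshd before it replaces the live config, so a typo cannot lock you out.
    - name: Disallow direct root login over SSH
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^\s*#?\s*PermitRootLogin\b'
        line: PermitRootLogin no
        validate: /usr/sbin/sshd -t -f %s
      notify: restart sshd

  handlers:
    # Assumes sshd is managed by the AIX System Resource Controller.
    - name: restart sshd
      shell: stopsrc -s sshd; sleep 2; startsrc -s sshd
```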
