added tagged task that adds SSH authentication restrictions

roles/init-server/tasks/lock.yml

@@ -5,9 +5,24 @@
 - name: Checking whether administrative login used
   when: ansible_facts["user_id"] not in (admins | map(attribute="username") | list)
   ansible.builtin.fail:
-    msg: Administrative user does not exist on managed node
+    msg: Must use administrative user for subsequent tasks
+- name: Setting approved SSH authentication procedures
+  when: harden and ansible_facts["system"] == "Linux"
+  become: true
+  ansible.builtin.copy:
+    src: sshd_config.d/auth.conf
+    dest: /etc/ssh/sshd_config.d/auth.conf
+    owner: root
+    group: root
+    mode: "644"
+    force: true
+    backup: true
+    validate: "sshd -t %s"
+  register: ssh_authenticator
+  tags:
+    - ssh_secure_auth
 - name: Prohibiting SSH root login
-  when: harden
+  when: harden and ansible_facts["system"] == "Linux"
   become: true
   ansible.builtin.copy:
     src: sshd_config.d/denyroot.conf
@@ -28,6 +43,7 @@
   loop: "{{ sys_users }}"
   register: ftp_groups
 - name: Configuring SFTP for FTP group
+  when: ansible_facts["system"] == "Linux"
   become: true
   ansible.builtin.template:
     src: sshd_config.d/sftp.conf.j2