author | Christian Pointner <equinox@spreadspace.org> | 2020-02-12 11:59:23 +0100 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2020-02-12 11:59:31 +0100 |
commit | d1f28f50ebc18996cf60b1842819be8699251de0 (patch) | |
tree | 8369a7c6e85b1238af7fc5770795b50a0421c0c8 /roles/sshd/tasks | |
parent | apply intel nic stability workaround for sk-cloudia and sk-2019 (diff) |
ssh: add flag to remove AllowUsers config option
Diffstat (limited to 'roles/sshd/tasks')
-rw-r--r-- | roles/sshd/tasks/main.yml | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml
index d73d778b..a9393cfd 100644
--- a/roles/sshd/tasks/main.yml
+++ b/roles/sshd/tasks/main.yml
@@ -27,12 +27,21 @@
 notify: restart ssh
 - name: limit allowed users
+ when: ssh_allow_any_user is undefined or not ssh_allow_any_user
 lineinfile:
 dest: /etc/ssh/sshd_config
- regexp: "^AllowUsers"
+ regexp: "^AllowUsers\\s"
 line: "AllowUsers {{ ' '.join([ 'root' ] | union(ssh_allowusers_group | default([])) | union(ssh_allowusers_host | default([]))) }}"
 notify: restart ssh
+- name: allow any user
+ when: ssh_allow_any_user is defined and ssh_allow_any_user
+ lineinfile:
+ dest: /etc/ssh/sshd_config
+ regexp: "^AllowUsers\\s"
+ state: absent
+ notify: restart ssh
+
 - name: install ssh keys for root
 authorized_key:
 user: root |
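Review bot: Both new `when:` conditions test the raw truthiness of `ssh_allow_any_user`, so a value that arrives as a non-empty string (for example `false` given as a key=value extra var) presumably evaluates true inside the `and`/`or` expression, and the "allow any user" task would then delete the `AllowUsers` restriction. An explicit cast makes the flag fail closed: `when: not (ssh_allow_any_user | default(false) | bool)` on "limit allowed users" and `when: ssh_allow_any_user | default(false) | bool` on "allow any user". Because removing the line opens SSH login to every account on the host, the second task also deserves a short comment such as `# removes the AllowUsers restriction: any account may log in via ssh`. Both `lineinfile` tasks edit `/etc/ssh/sshd_config` without a `validate:` step, so a check like `validate: sshd -t -f %s` would keep a broken file from being written before the restart handler fires.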