authorChristian Pointner <equinox@spreadspace.org>2020-02-12 12:03:34 +0100
committerChristian Pointner <equinox@spreadspace.org>2020-02-12 12:03:34 +0100
commit62ea3f550f722f7719b54b1e4db446cdbcfde140 (patch)
tree00bb111f79eda55281ef6737f374cbe3747f3369 /roles/sshd
parentssh: add flag to remove AllowUsers config option (diff)
sshd: make ssh-allow-any-user check nicer
Diffstat (limited to 'roles/sshd')
-rw-r--r--roles/sshd/defaults/main.yml2
-rw-r--r--roles/sshd/tasks/main.yml4
2 files changed, 4 insertions, 2 deletions
diff --git a/roles/sshd/defaults/main.yml b/roles/sshd/defaults/main.yml
new file mode 100644
index 00000000..8b25827b
--- /dev/null
+++ b/roles/sshd/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+ssh_allow_any_user: False
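Review bot: `False` on the added default is a YAML 1.1 truthy spelling; Ansible convention and yamllint's `truthy` rule expect the lowercase form, `ssh_allow_any_user: false`. This default is security-relevant, since judging by the task names in tasks/main.yml it decides whether the AllowUsers restriction is written to sshd_config. A short comment above it would help the next reader, for example `# false keeps the AllowUsers restriction in sshd_config; set to true only to allow any user`.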
diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml
index a9393cfd..5eb15081 100644
--- a/roles/sshd/tasks/main.yml
+++ b/roles/sshd/tasks/main.yml
@@ -27,7 +27,7 @@
notify: restart ssh
- name: limit allowed users
- when: ssh_allow_any_user is undefined or not ssh_allow_any_user
+ when: not ssh_allow_any_user
lineinfile:
dest: /etc/ssh/sshd_config
regexp: "^AllowUsers\\s"
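Review bot: The new `when: not ssh_allow_any_user` relies on the variable being a real boolean, but a value given in key=value form (`-e ssh_allow_any_user=false`, or an INI inventory) arrives as a string. A non-empty string such as `false` is truthy under `not`, so the "limit allowed users" task would be skipped and the AllowUsers restriction would not be applied. Casting explicitly avoids that: `when: not (ssh_allow_any_user | bool)` here and `when: ssh_allow_any_user | bool` in the "allow any user" hunk below. Both task bodies continue outside their hunks, so the `line`/`state` arguments of the lineinfile calls are not visible for review.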
@@ -35,7 +35,7 @@
notify: restart ssh
- name: allow any user
- when: ssh_allow_any_user is defined and ssh_allow_any_user
+ when: ssh_allow_any_user
lineinfile:
dest: /etc/ssh/sshd_config
regexp: "^AllowUsers\\s"