authorChristian Pointner <equinox@spreadspace.org>2020-02-12 11:59:23 +0100
committerChristian Pointner <equinox@spreadspace.org>2020-02-12 11:59:31 +0100
commitd1f28f50ebc18996cf60b1842819be8699251de0 (patch)
tree8369a7c6e85b1238af7fc5770795b50a0421c0c8 /roles
parentapply intel nic stability workaround for sk-cloudia and sk-2019 (diff)
ssh: add flag to remove AllowUsers config option
Diffstat (limited to 'roles')
-rw-r--r--roles/sshd/tasks/main.yml11
1 files changed, 10 insertions, 1 deletions
diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml
index d73d778b..a9393cfd 100644
--- a/roles/sshd/tasks/main.yml
+++ b/roles/sshd/tasks/main.yml
@@ -27,12 +27,21 @@
notify: restart ssh
- name: limit allowed users
+ when: ssh_allow_any_user is undefined or not ssh_allow_any_user
lineinfile:
dest: /etc/ssh/sshd_config
- regexp: "^AllowUsers"
+ regexp: "^AllowUsers\\s"
line: "AllowUsers {{ ' '.join([ 'root' ] | union(ssh_allowusers_group | default([])) | union(ssh_allowusers_host | default([]))) }}"
notify: restart ssh
+- name: allow any user
+ when: ssh_allow_any_user is defined and ssh_allow_any_user
+ lineinfile:
+ dest: /etc/ssh/sshd_config
+ regexp: "^AllowUsers\\s"
+ state: absent
+ notify: restart ssh
+
- name: install ssh keys for root
authorized_key:
user: root
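Review bot: The `when:` on the new `allow any user` task tests `ssh_allow_any_user` for plain truthiness, so a value that arrives as a string (for example a key=value extra-var or a quoted inventory entry holding `false`) may evaluate as true and delete the `AllowUsers` line from sshd_config. An explicit cast keeps the two tasks exact complements: `when: ssh_allow_any_user | default(false) | bool` here, and `when: not (ssh_allow_any_user | default(false) | bool)` on `limit allowed users`. With the line removed, SSH login is no longer limited to root and the configured users, and access then depends on other sshd settings that this hunk does not show. A comment above the task such as `# removes the AllowUsers allow-list; any account on the host may then log in via ssh` would make that consequence clear to whoever sets the flag.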