From 62ea3f550f722f7719b54b1e4db446cdbcfde140 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Wed, 12 Feb 2020 12:03:34 +0100
Subject: sshd: make ssh-allow-any-user check nicer
---
roles/sshd/defaults/main.yml | 2 ++
roles/sshd/tasks/main.yml | 4 ++--
2 files changed, 4 insertions(+), 2 deletions(-)
create mode 100644 roles/sshd/defaults/main.yml
(limited to 'roles/sshd')
diff --git a/roles/sshd/defaults/main.yml b/roles/sshd/defaults/main.yml
new file mode 100644
index 00000000..8b25827b
--- /dev/null
+++ b/roles/sshd/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+ssh_allow_any_user: False
diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml
index a9393cfd..5eb15081 100644
--- a/roles/sshd/tasks/main.yml
+++ b/roles/sshd/tasks/main.yml
@@ -27,7 +27,7 @@
 notify: restart ssh
 - name: limit allowed users
- when: ssh_allow_any_user is undefined or not ssh_allow_any_user
+ when: not ssh_allow_any_user
 lineinfile:
 dest: /etc/ssh/sshd_config
 regexp: "^AllowUsers\\s"
@@ -35,7 +35,7 @@
 notify: restart ssh
 - name: allow any user
- when: ssh_allow_any_user is defined and ssh_allow_any_user
+ when: ssh_allow_any_user
 lineinfile:
 dest: /etc/ssh/sshd_config
 regexp: "^AllowUsers\\s"
-- cgit v1.2.3
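Review bot: `ssh_allow_any_user: False` in roles/sshd/defaults/main.yml is the switch that decides whether the AllowUsers restriction in sshd_config is applied, but the new file has no comment saying so. I would add `# set to true only if SSH logins must not be restricted via AllowUsers` above it and write the value as lowercase `false`, the canonical YAML boolean that yamllint's truthy rule expects. What the "allow any user" task actually writes is outside the visible hunks, so the comment wording should be checked against that task.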
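Review bot: The `when: not ssh_allow_any_user` condition on "limit allowed users" tests the variable's raw truthiness, so a value that arrives as a string (for example from `-e ssh_allow_any_user=false` or an INI inventory) is a non-empty string, `not` of it is false, and the AllowUsers restriction is silently skipped. Because this condition gates an access-control setting, coerce it explicitly with `when: not (ssh_allow_any_user | bool)`. The same applies to `when: ssh_allow_any_user` in the `@@ -35,7 +35,7 @@` hunk, which should become `when: ssh_allow_any_user | bool`. Both tasks continue outside their hunks, so the `line:`/`state:` arguments could not be checked here.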