SSH configuration not up to the evolix standard #23
An access whitelist should be present, either based on AllowGroups or AllowUsers.
That's right!
At first, it wasn't needed since on the OpenBSD machines the only Unix accounts were the system administrators' ones.
Now, some of the machines we're taking care of have other Unix accounts which are not supposed to connect through SSH.
I will port the evolinux-users role. I have experience from optimising the Linux version in evolix/ansible-roles#78.
I believe we only need to support adding new users to an existing AllowUsers statement, new groups to an existing AllowGroups statement or creating the AllowGroups statement. I do not think there is a case where we would want to create an AllowUsers statement if one is not already in use, am I right?
Good to know! I didn't look over the changes you made though.
I agree with you, but I'm not even sure we should add an AllowGroups statement on a system already in production unless we're sure it won't cause unpredicted side effects. For instance on the Evolix firewalls/routers.
We don't generally run the evolixisation playbook on production systems though? And tags make it possible to ignore certain tasks if we ever need to.
See pull request #26
This should be closed by #26
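
The rule discussed in this thread (extend an existing AllowUsers or AllowGroups statement, otherwise create AllowGroups), written out as an added Python example that is not the evolinux-users role's code or part of the original discussion. The function name, the group name `sshusers` and the sample configuration are constructed for illustration; only the global section above the first `Match` line is inspected or changed.

```python
import re

# Active (uncommented) AllowUsers / AllowGroups lines; sshd keywords are case-insensitive.
ALLOW = re.compile(r"^\s*(AllowUsers|AllowGroups)\s+\S", re.IGNORECASE)
MATCH = re.compile(r"^\s*Match\s", re.IGNORECASE)

# Constructed sample: a commented-out AllowGroups, a global AllowUsers,
# and a second AllowUsers that only applies inside a Match block.
SAMPLE = (
    "Port 22\n"
    "#AllowGroups wheel\n"
    "AllowUsers alice bob\n"
    "Match Address 192.0.2.0/24\n"
    "    AllowUsers backup\n"
)

def grant_ssh_access(config, user, group):
    """Return sshd_config text in which `user` (a member of `group`) is whitelisted."""
    lines = config.splitlines()
    # Directives after the first Match line are conditional, so the global
    # section ends there; a new statement must be inserted above it.
    end = next((i for i, l in enumerate(lines) if MATCH.match(l)), len(lines))
    handled = set()
    for i in range(end):
        m = ALLOW.match(lines[i])
        if not m or m.group(1).lower() in handled:
            continue
        keyword = m.group(1).lower()
        handled.add(keyword)  # only the first statement of each kind is extended
        name = user if keyword == "allowusers" else group
        if name not in lines[i].split()[1:]:
            lines[i] = lines[i].rstrip() + " " + name
    if not handled:
        # No whitelist in use yet: create AllowGroups, never AllowUsers.
        lines.insert(end, "AllowGroups " + group)
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(grant_ssh_access(SAMPLE, "carol", "sshusers"))
```

Validating the result with `sshd -t -f <file>` before reloading the daemon catches a malformed statement before it can lock anyone out.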