2016-11-07 14:00:57 +01:00
|
|
|
---
|
|
|
|
|
|
2017-06-12 14:28:48 +02:00
|
|
|
- name: "Create .ssh directory for '{{ user.name }}'"
|
2016-11-07 14:00:57 +01:00
|
|
|
file:
|
|
|
|
|
dest: '/home/{{ user.name }}/.ssh/'
|
|
|
|
|
state: directory
|
2017-03-23 16:59:43 +01:00
|
|
|
mode: "0700"
|
2016-11-07 14:00:57 +01:00
|
|
|
owner: '{{ user.name }}'
|
|
|
|
|
group: '{{ user.name }}'
|
|
|
|
|
|
2017-06-12 14:28:48 +02:00
|
|
|
- name: "Add user's SSH public key for '{{ user.name }}'"
|
2016-12-27 14:04:02 +01:00
|
|
|
authorized_key:
|
|
|
|
|
user: "{{ user.name }}"
|
|
|
|
|
key: "{{ user.ssh_key }}"
|
|
|
|
|
state: present
|
2017-10-06 00:51:20 +02:00
|
|
|
when: user.ssh_key is defined
|
|
|
|
|
|
|
|
|
|
- name: "Add user's SSH public keys for '{{ user.name }}'"
|
|
|
|
|
authorized_key:
|
|
|
|
|
user: "{{ user.name }}"
|
|
|
|
|
key: "{{ ssk_key }}"
|
|
|
|
|
state: present
|
|
|
|
|
with_items: "{{ user.ssh_keys }}"
|
|
|
|
|
loop_control:
|
|
|
|
|
loop_var: ssk_key
|
|
|
|
|
when: user.ssh_keys is defined
|
2016-12-27 14:04:02 +01:00
|
|
|
|
2018-02-08 15:29:53 +01:00
|
|
|
- name: verify AllowGroups directive
|
2018-04-04 23:22:46 +02:00
|
|
|
command: "grep -E '^AllowGroups' /etc/ssh/sshd_config"
|
2016-12-27 14:04:02 +01:00
|
|
|
changed_when: False
|
|
|
|
|
failed_when: False
|
2017-03-24 14:15:09 +01:00
|
|
|
check_mode: no
|
2018-03-01 11:07:43 +01:00
|
|
|
register: grep_allowgroups_ssh
|
2017-03-24 14:15:09 +01:00
|
|
|
|
2018-03-01 11:07:43 +01:00
|
|
|
# If AllowGroups is present or Debian 9+, use AllowGroups mode
|
2018-03-01 11:59:36 +01:00
|
|
|
- include: ssh_allowgroups.yml
|
2018-03-01 11:07:43 +01:00
|
|
|
when: grep_allowgroups_ssh.rc == 0 or ansible_distribution_major_version | version_compare('9', '>=')
|
2016-11-07 14:00:57 +01:00
|
|
|
|
2018-03-01 11:07:43 +01:00
|
|
|
# If AllowGroups is absent, use AllowUsers mode
|
2018-03-01 11:59:36 +01:00
|
|
|
- include: ssh_allowusers.yml
|
2018-02-08 15:29:53 +01:00
|
|
|
when: grep_allowgroups_ssh.rc != 0
|
