28 lines
848 B
YAML
28 lines
848 B
YAML
|
---
|
||
|
|
||
|
- name: "root can connect over SSH from other servers"
|
||
|
blockinfile:
|
||
|
dest: /etc/ssh/sshd_config
|
||
|
marker: "# {mark} ROOT AUTHORIZATION"
|
||
|
block: |
|
||
|
Match User root Address {{ other_servers_from_group_ips | join(',') }}
|
||
|
AllowGroups root
|
||
|
PubkeyAuthentication yes
|
||
|
PasswordAuthentication no
|
||
|
PermitRootLogin without-password
|
||
|
state: present
|
||
|
notify: reload sshd
|
||
|
when: (boost_allow_root_ssh_between_servers | bool) and (other_servers_from_group_ips | length > 0)
|
||
|
tags:
|
||
|
- ssh
|
||
|
|
||
|
- name: "root can connect over SSH from other servers"
|
||
|
blockinfile:
|
||
|
dest: /etc/ssh/sshd_config
|
||
|
marker: "# {mark} ROOT AUTHORIZATION"
|
||
|
state: absent
|
||
|
notify: reload sshd
|
||
|
when: not (boost_allow_root_ssh_between_servers | bool) or (other_servers_from_group_ips | length <= 0)
|
||
|
tags:
|
||
|
- ssh
|