evolinux-base: allow ssh for current user
When you're not sure to have a proper ssh connection after install, you can keep the current user authorized. Example: when using vagrant This is disabled by default
This commit is contained in:
parent
382d545d0d
commit
03bc456dfa
|
@ -37,5 +37,6 @@ Main variables are:
|
||||||
* `evolinux_postfix_purge_exim`: purge Exim packages (default: `True`) ;
|
* `evolinux_postfix_purge_exim`: purge Exim packages (default: `True`) ;
|
||||||
* `evolinux_ssh_password_auth_addresses`: list of addresses that can authenticate with a password (default: `[]`)
|
* `evolinux_ssh_password_auth_addresses`: list of addresses that can authenticate with a password (default: `[]`)
|
||||||
* `evolinux_ssh_disable_root`: disable SSH access for root (default: `False`)
|
* `evolinux_ssh_disable_root`: disable SSH access for root (default: `False`)
|
||||||
|
* `evolinux_ssh_allow_current_user`: don't lock yourself out (default: `False`)
|
||||||
|
|
||||||
The full list of variables (with default values) can be found in `defaults/main.yml`.
|
The full list of variables (with default values) can be found in `defaults/main.yml`.
|
||||||
|
|
|
@ -111,6 +111,7 @@ evolinux_ssh_include: True
|
||||||
evolinux_ssh_password_auth_addresses: []
|
evolinux_ssh_password_auth_addresses: []
|
||||||
evolinux_ssh_match_address: True
|
evolinux_ssh_match_address: True
|
||||||
evolinux_ssh_disable_acceptenv: True
|
evolinux_ssh_disable_acceptenv: True
|
||||||
|
evolinux_ssh_allow_current_user: False
|
||||||
|
|
||||||
# evolinux users
|
# evolinux users
|
||||||
|
|
||||||
|
|
|
@ -35,4 +35,17 @@
|
||||||
notify: reload sshd
|
notify: reload sshd
|
||||||
when: ansible_distribution_major_version | version_compare('9', '>=')
|
when: ansible_distribution_major_version | version_compare('9', '>=')
|
||||||
|
|
||||||
|
- name: "Get current user"
|
||||||
|
command: logname
|
||||||
|
register: logname
|
||||||
|
check_mode: no
|
||||||
|
when: evolinux_ssh_allow_current_user
|
||||||
|
|
||||||
|
- name: "Allow current user"
|
||||||
|
lineinfile:
|
||||||
|
dest: /etc/ssh/sshd_config
|
||||||
|
line: "AllowUsers {{ logname.stdout }}"
|
||||||
|
insertafter: 'Subsystem'
|
||||||
|
when: evolinux_ssh_allow_current_user
|
||||||
|
|
||||||
- meta: flush_handlers
|
- meta: flush_handlers
|
||||||
|
|
Loading…
Reference in a new issue