evolinux-base: allow ssh for current user
When you're not sure to have a proper ssh connection after install, you can keep the current user authorized. Example: when using vagrant This is disabled by default
This commit is contained in:
parent
382d545d0d
commit
03bc456dfa
|
@ -37,5 +37,6 @@ Main variables are:
|
|||
* `evolinux_postfix_purge_exim`: purge Exim packages (default: `True`) ;
|
||||
* `evolinux_ssh_password_auth_addresses`: list of addresses that can authenticate with a password (default: `[]`)
|
||||
* `evolinux_ssh_disable_root`: disable SSH access for root (default: `False`)
|
||||
* `evolinux_ssh_allow_current_user`: don't lock yourself out (default: `False`)
|
||||
|
||||
The full list of variables (with default values) can be found in `defaults/main.yml`.
|
||||
|
|
|
@ -111,6 +111,7 @@ evolinux_ssh_include: True
|
|||
evolinux_ssh_password_auth_addresses: []
|
||||
evolinux_ssh_match_address: True
|
||||
evolinux_ssh_disable_acceptenv: True
|
||||
evolinux_ssh_allow_current_user: False
|
||||
|
||||
# evolinux users
|
||||
|
||||
|
|
|
@ -35,4 +35,17 @@
|
|||
notify: reload sshd
|
||||
when: ansible_distribution_major_version | version_compare('9', '>=')
|
||||
|
||||
- name: "Get current user"
|
||||
command: logname
|
||||
register: logname
|
||||
check_mode: no
|
||||
when: evolinux_ssh_allow_current_user
|
||||
|
||||
- name: "Allow current user"
|
||||
lineinfile:
|
||||
dest: /etc/ssh/sshd_config
|
||||
line: "AllowUsers {{ logname.stdout }}"
|
||||
insertafter: 'Subsystem'
|
||||
when: evolinux_ssh_allow_current_user
|
||||
|
||||
- meta: flush_handlers
|
||||
|
|
Loading…
Reference in a new issue