evolix/ansible-roles
22
2
Fork 2
Code Issues 61 Pull requests 18 Releases 32 Wiki Activity

evolinux-base : remove root from AllowUsers directive

Browse source 
when disabling root login, also remove it from AllowUsers if present
This commit is contained in:
Jérémy Lecour 2017-10-10 21:59:43 +02:00
parent 79e57b7787
commit 707aabb404
1 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
evolinux-base/tasks/root.yml
View file

@ -88,4 +88,13 @@
notify: reload sshd
when: evolinux_root_disable_ssh
- name: remove root from AllowUsers directive
replace:
dest: /etc/ssh/sshd_config
regexp: '^(AllowUsers ((?!root(?:@\S+)?).)*)(\sroot(?:@\S+)?|root(?:@\S+)?\s)(.*)$'
replace: '\1\4'
validate: '/usr/sbin/sshd -T -f %s'
notify: reload sshd
when: evolinux_root_disable_ssh
- meta: flush_handlers