evolinux-users: Validate sshd config with "-t" instead of "-T"

See #52
This commit is contained in:
Ludovic Poujol 2019-06-17 10:23:56 +02:00
parent 75a8c90258
commit 890055753e
3 changed files with 7 additions and 6 deletions

View File

@ -32,6 +32,7 @@ The **patch** part changes incrementally at each release.
* redmine: fix 500 error on logging
* evolinux-base: Validate sshd config with "-t" instead of "-T"
* evolinux-base: Ensure rename is present
* evolinux-users: Validate sshd config with "-t" instead of "-T"
### Security

View File

@ -14,7 +14,7 @@
dest: /etc/ssh/sshd_config
line: "\nAllowGroups {{ evolinux_ssh_group }}"
insertafter: 'Subsystem'
validate: '/usr/sbin/sshd -T -f %s'
validate: '/usr/sbin/sshd -t -f %s'
notify: reload sshd
when: grep_allowgroups_ssh.rc != 0
@ -23,6 +23,6 @@
dest: /etc/ssh/sshd_config
regexp: '^(AllowGroups ((?!\b{{ evolinux_ssh_group }}\b).)*)$'
replace: '\1 {{ evolinux_ssh_group }}'
validate: '/usr/sbin/sshd -T -f %s'
validate: '/usr/sbin/sshd -t -f %s'
notify: reload sshd
when: grep_allowgroups_ssh.rc == 0

View File

@ -14,7 +14,7 @@
dest: /etc/ssh/sshd_config
line: "\nAllowUsers {{ user.name }}"
insertafter: 'Subsystem'
validate: '/usr/sbin/sshd -T -f %s'
validate: '/usr/sbin/sshd -t -f %s'
notify: reload sshd
when: grep_allowusers_ssh.rc != 0
@ -23,7 +23,7 @@
dest: /etc/ssh/sshd_config
regexp: '^(AllowUsers ((?!\b{{ user.name }}\b).)*)$'
replace: '\1 {{ user.name }}'
validate: '/usr/sbin/sshd -T -f %s'
validate: '/usr/sbin/sshd -t -f %s'
notify: reload sshd
when: grep_allowusers_ssh.rc == 0
@ -39,7 +39,7 @@
dest: /etc/ssh/sshd_config
line: "\nMatch User {{ user.name }}\n PasswordAuthentication no"
insertafter: "# END EVOLINUX PASSWORD RESTRICTIONS BY ADDRESS"
validate: '/usr/sbin/sshd -T -f %s'
validate: '/usr/sbin/sshd -t -f %s'
notify: reload sshd
when: grep_matchuser_ssh.rc != 0
@ -48,6 +48,6 @@
dest: /etc/ssh/sshd_config
regexp: '^(Match User ((?!{{ user.name }}).)*)$'
replace: '\1,{{ user.name }}'
validate: '/usr/sbin/sshd -T -f %s'
validate: '/usr/sbin/sshd -t -f %s'
notify: reload sshd
when: grep_matchuser_ssh.rc == 0