From 890055753e8a56e7424bf5f9f63239df4b661cf8 Mon Sep 17 00:00:00 2001
From: Ludovic Poujol
Date: Mon, 17 Jun 2019 10:23:56 +0200
Subject: [PATCH] evolinux-users: Validate sshd config with "-t" instead of "-T"
See #52
---
 CHANGELOG.md | 1 +
 evolinux-users/tasks/ssh_allowgroups.yml | 4 ++--
 evolinux-users/tasks/ssh_allowusers.yml | 8 ++++----
 3 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 22240aaf..cff6f14d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -32,6 +32,7 @@ The **patch** part changes incrementally at each release.
 * redmine: fix 500 error on logging
 * evolinux-base: Validate sshd config with "-t" instead of "-T"
 * evolinux-base: Ensure rename is present
+* evolinux-users: Validate sshd config with "-t" instead of "-T"
 ### Security
diff --git a/evolinux-users/tasks/ssh_allowgroups.yml b/evolinux-users/tasks/ssh_allowgroups.yml
index 68635548..a4e4ee54 100644
--- a/evolinux-users/tasks/ssh_allowgroups.yml
+++ b/evolinux-users/tasks/ssh_allowgroups.yml
@@ -14,7 +14,7 @@
 dest: /etc/ssh/sshd_config
 line: "\nAllowGroups {{ evolinux_ssh_group }}"
 insertafter: 'Subsystem'
- validate: '/usr/sbin/sshd -T -f %s'
+ validate: '/usr/sbin/sshd -t -f %s'
 notify: reload sshd
 when: grep_allowgroups_ssh.rc != 0
@@ -23,6 +23,6 @@
 dest: /etc/ssh/sshd_config
 regexp: '^(AllowGroups ((?!\b{{ evolinux_ssh_group }}\b).)*)$'
 replace: '\1 {{ evolinux_ssh_group }}'
- validate: '/usr/sbin/sshd -T -f %s'
+ validate: '/usr/sbin/sshd -t -f %s'
 notify: reload sshd
 when: grep_allowgroups_ssh.rc == 0
diff --git a/evolinux-users/tasks/ssh_allowusers.yml b/evolinux-users/tasks/ssh_allowusers.yml
index fff04f8c..1aa31f3c 100644
--- a/evolinux-users/tasks/ssh_allowusers.yml
+++ b/evolinux-users/tasks/ssh_allowusers.yml
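Review bot: The `validate:` lines in both hunks of ssh_allowgroups.yml (and the four in ssh_allowusers.yml) carry no comment on why `-t` is used; the only trace is "See #52" in the commit message. `sshd -t` checks that the file parses and that the host keys are sane, but it says nothing about whether the resulting `AllowGroups` policy still admits the account Ansible connects with, so a syntactically valid edit can still lock administrators out once `reload sshd` fires. I would add a comment above each line such as `# -t: syntax and host-key check only (see #52); it does not prove the AllowGroups group has members`. The enclosing tasks start outside the hunk, so whether group membership is checked earlier cannot be seen here.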
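Review bot: `evolinux_ssh_group` is interpolated into `regexp:` as raw pattern text in the second hunk of ssh_allowgroups.yml, so any regex metacharacter in the value changes what the negative lookahead matches, and the group can be appended twice or skipped. The same applies to `user.name` in the `AllowUsers` and `Match User` patterns of ssh_allowusers.yml. Escaping the value keeps the test literal: `regexp: '^(AllowGroups ((?!\b{{ evolinux_ssh_group | regex_escape }}\b).)*)$'`. The task header and the `grep_allowgroups_ssh` registration are outside the hunk.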
@@ -14,7 +14,7 @@
 dest: /etc/ssh/sshd_config
 line: "\nAllowUsers {{ user.name }}"
 insertafter: 'Subsystem'
- validate: '/usr/sbin/sshd -T -f %s'
+ validate: '/usr/sbin/sshd -t -f %s'
 notify: reload sshd
 when: grep_allowusers_ssh.rc != 0
@@ -23,7 +23,7 @@
 dest: /etc/ssh/sshd_config
 regexp: '^(AllowUsers ((?!\b{{ user.name }}\b).)*)$'
 replace: '\1 {{ user.name }}'
- validate: '/usr/sbin/sshd -T -f %s'
+ validate: '/usr/sbin/sshd -t -f %s'
 notify: reload sshd
 when: grep_allowusers_ssh.rc == 0
@@ -39,7 +39,7 @@
 dest: /etc/ssh/sshd_config
 line: "\nMatch User {{ user.name }}\n PasswordAuthentication no"
 insertafter: "# END EVOLINUX PASSWORD RESTRICTIONS BY ADDRESS"
- validate: '/usr/sbin/sshd -T -f %s'
+ validate: '/usr/sbin/sshd -t -f %s'
 notify: reload sshd
 when: grep_matchuser_ssh.rc != 0
@@ -48,6 +48,6 @@
 dest: /etc/ssh/sshd_config
 regexp: '^(Match User ((?!{{ user.name }}).)*)$'
 replace: '\1,{{ user.name }}'
- validate: '/usr/sbin/sshd -T -f %s'
+ validate: '/usr/sbin/sshd -t -f %s'
 notify: reload sshd
 when: grep_matchuser_ssh.rc == 0
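Review bot: The `Match User` pattern in the last hunk of ssh_allowusers.yml, `'^(Match User ((?!{{ user.name }}).)*)$'`, has no `\b` anchors, unlike the `AllowUsers` pattern in the second hunk. If an existing entry merely contains the new name as a substring, the lookahead rejects the line, nothing is appended, and that account never gets the `PasswordAuthentication no` restriction, while the task simply reports no change. Aligning it with the other pattern closes most of that gap: `regexp: '^(Match User ((?!\b{{ user.name }}\b).)*)$'`. The pattern also matches every `Match User` line in the file, not only the one written by the task in the third hunk; whether other such blocks exist cannot be seen from here.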