Evolinux: don't remove root from AllowUsers list
This commit is contained in:
parent
8518902ec9
commit
c77bc14e95
|
@ -85,16 +85,18 @@
|
|||
dest: /etc/ssh/sshd_config
|
||||
regexp: '^PermitRootLogin (yes|without-password|prohibit-password)'
|
||||
replace: "PermitRootLogin no"
|
||||
notify: reload sshd
|
||||
when: evolinux_root_disable_ssh
|
||||
|
||||
- name: remove root from AllowUsers directive
|
||||
replace:
|
||||
dest: /etc/ssh/sshd_config
|
||||
regexp: '^(AllowUsers ((?!root(?:@\S+)?).)*)(\sroot(?:@\S+)?|root(?:@\S+)?\s)(.*)$'
|
||||
replace: '\1\4'
|
||||
validate: '/usr/sbin/sshd -T -f %s'
|
||||
notify: reload sshd
|
||||
when: evolinux_root_disable_ssh
|
||||
|
||||
### Disabled : it seems useless and too dangerous for now
|
||||
# - name: remove root from AllowUsers directive
|
||||
# replace:
|
||||
# dest: /etc/ssh/sshd_config
|
||||
# regexp: '^(AllowUsers ((?!root(?:@\S+)?).)*)(\sroot(?:@\S+)?|root(?:@\S+)?\s)(.*)$'
|
||||
# replace: '\1\4'
|
||||
# validate: '/usr/sbin/sshd -T -f %s'
|
||||
# notify: reload sshd
|
||||
# when: evolinux_root_disable_ssh
|
||||
|
||||
- meta: flush_handlers
|
||||
|
|
|
@ -7,10 +7,11 @@
|
|||
replace: "PermitRootLogin no"
|
||||
notify: reload sshd
|
||||
|
||||
- name: remove root from AllowUsers directive
|
||||
replace:
|
||||
dest: /etc/ssh/sshd_config
|
||||
regexp: '^(AllowUsers ((?!root(?:@\S+)?).)*)(\sroot(?:@\S+)?|root(?:@\S+)?\s)(.*)$'
|
||||
replace: '\1\4'
|
||||
validate: '/usr/sbin/sshd -T -f %s'
|
||||
notify: reload sshd
|
||||
### Disabled : it seems useless and too dangerous for now
|
||||
# - name: remove root from AllowUsers directive
|
||||
# replace:
|
||||
# dest: /etc/ssh/sshd_config
|
||||
# regexp: '^(AllowUsers ((?!root(?:@\S+)?).)*)(\sroot(?:@\S+)?|root(?:@\S+)?\s)(.*)$'
|
||||
# replace: '\1\4'
|
||||
# validate: '/usr/sbin/sshd -T -f %s'
|
||||
# notify: reload sshd
|
||||
|
|
Loading…
Reference in New Issue