Evolinux: don't remove root from AllowUsers list

Jérémy Lecour 2017-10-11 17:58:42 +02:00 committed by Jérémy Lecour
parent 8518902ec9
commit c77bc14e95
2 changed files with 18 additions and 15 deletions


@ -85,16 +85,18 @@
dest: /etc/ssh/sshd_config
regexp: '^PermitRootLogin (yes|without-password|prohibit-password)'
replace: "PermitRootLogin no"
notify: reload sshd
when: evolinux_root_disable_ssh
- name: remove root from AllowUsers directive
replace:
dest: /etc/ssh/sshd_config
regexp: '^(AllowUsers ((?!root(?:@\S+)?).)*)(\sroot(?:@\S+)?|root(?:@\S+)?\s)(.*)$'
replace: '\1\4'
validate: '/usr/sbin/sshd -T -f %s'
notify: reload sshd
when: evolinux_root_disable_ssh
### Disabled : it seems useless and too dangerous for now
# - name: remove root from AllowUsers directive
# replace:
# dest: /etc/ssh/sshd_config
# regexp: '^(AllowUsers ((?!root(?:@\S+)?).)*)(\sroot(?:@\S+)?|root(?:@\S+)?\s)(.*)$'
# replace: '\1\4'
# validate: '/usr/sbin/sshd -T -f %s'
# notify: reload sshd
# when: evolinux_root_disable_ssh
- meta: flush_handlers
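Review bot: The disabled task is kept as commented-out lines under `### Disabled : it seems useless and too dangerous for now`, which records neither why the task is useless nor what makes it dangerous; the same block is repeated in the second file section. Reading the visible pattern, `\sroot(?:@\S+)?` has no boundary after `root`, so an AllowUsers entry that merely starts with `root` appears able to be partially stripped and merged with its neighbour, and `sshd -T` would still accept the resulting line. I would delete the commented task and leave a short reason in its place, such as `# AllowUsers is left untouched: root login is already refused by PermitRootLogin no, and the regex edit could corrupt other entries`, letting git history keep the old code.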


@ -7,10 +7,11 @@
replace: "PermitRootLogin no"
notify: reload sshd
- name: remove root from AllowUsers directive
replace:
dest: /etc/ssh/sshd_config
regexp: '^(AllowUsers ((?!root(?:@\S+)?).)*)(\sroot(?:@\S+)?|root(?:@\S+)?\s)(.*)$'
replace: '\1\4'
validate: '/usr/sbin/sshd -T -f %s'
notify: reload sshd
### Disabled : it seems useless and too dangerous for now
# - name: remove root from AllowUsers directive
# replace:
# dest: /etc/ssh/sshd_config
# regexp: '^(AllowUsers ((?!root(?:@\S+)?).)*)(\sroot(?:@\S+)?|root(?:@\S+)?\s)(.*)$'
# replace: '\1\4'
# validate: '/usr/sbin/sshd -T -f %s'
# notify: reload sshd
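Review bot: With the AllowUsers edit disabled, root lockout in this file rests entirely on the task ending in `replace: "PermitRootLogin no"`, whose beginning lies outside the hunk. If its pattern is the one shown in the first file section, it only rewrites an existing uncommented `PermitRootLogin (yes|without-password|prohibit-password)` line, so a config where the directive is commented out or absent would keep sshd's default while root may still be listed in AllowUsers. A verification step after the handlers run would catch that, for example a task that runs `/usr/sbin/sshd -T`, registers the output with `changed_when: false`, and sets `failed_when: "'permitrootlogin no' not in result.stdout"`.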