Gregory Colpart
20f6371980
typo
2018-05-01 19:38:55 +02:00
Jérémy Lecour
8384e8ba43
evolinux: groups for SSH configuration are used with Debian 10 and later
2018-04-20 14:38:55 +02:00
Jérémy Lecour
b01d9178d0
evolinux-users: split AllowGroups/AllowUsers modes
...
If an AllowGroups directive is found or when using Debian 9+,
we use the AllowGroups directive and comment AllowUsers that may be
already present.
When adding a user, we make sure that the allowed group exists
and the use is in that group, to be sure that at least this user
is allowed to connect.
In other situations, we use the AllowUsers directive.
2018-04-18 12:16:04 +02:00
Jérémy Lecour
8abed3e258
Use "command" instead of "shell" where possible
2018-04-04 23:36:00 +02:00
Jérémy Lecour
b4e4b14fc6
Invert SSH Match User directives
2017-10-17 10:28:48 +02:00
Jérémy Lecour
13e1c0486b
"egrep" is deprecated, use "grep -E"
2017-10-08 22:47:03 +02:00
Jérémy Lecour
a07d1d873a
evolinux-base: bad group for password restrictions
2017-10-08 12:49:55 +02:00
Jérémy Lecour
6984c121c2
evolinux-base/ssh: syntax clarity
...
"X != []" seems better than "not X == []"
when the variable name is quite long
and even more when we already use "X == []" in a previous condition
2017-10-08 12:48:56 +02:00
Jérémy Lecour
518353268a
evolinux-base: logname command doesn't change
2017-10-07 22:56:37 +02:00
Jérémy Lecour
094ad8c28d
evolinux-base: improve AllowUsers for current user
2017-10-07 22:17:38 +02:00
Jérémy Lecour
03bc456dfa
evolinux-base: allow ssh for current user
...
When you're not sure to have a proper ssh connection after install,
you can keep the current user authorized.
Example: when using vagrant
This is disabled by default
2017-10-07 13:12:03 +02:00
Jérémy Lecour
7b88393ccf
Refactoring of admin-users + evolinux-base roles
...
* rename admin-users to evolinux-users
* splitting the "sudo" part for users between jessie and stretch
* with stretch, the sudo group is customizable and properly configured
* import evolinux-users role from evolinux-base at proper time
to ensure ssh connections are possible for other users before
cutting root's access
* evomaintenance is also included in evolinux-base to have it available
when users are created
2017-10-06 01:06:59 +02:00
Jérémy Lecour
be32fd9a23
Remove useless comments
2017-10-05 00:29:14 +02:00
Jérémy Lecour
3a9b95cedc
evolinux-base: fallback with warning for ssh without addresses
2017-09-14 14:26:00 +02:00
Gregory Colpart
a074f6488a
we use now evolinux-sudo group to set sudo rights
2017-09-08 01:26:53 +02:00
Gregory Colpart
5226082db0
evolinux-base and admin-users are only compatible Debian >=8, declare once in main.yml and that's all
...
(will be probably generalized to others modules if needed)
2017-08-22 01:37:04 +02:00
Benoît S.
a95d7893c5
Add a comment about AcceptEnv
2017-08-18 14:37:34 +02:00
Gregory Colpart
d82b12b614
fail when evolinux_ssh_password_auth_addresses is empty instead of Ansible crash (like for minifirewall)
2017-08-18 04:13:56 +02:00
Jérémy Lecour
4b8456c5b7
Fix ssh security policy
2017-08-05 12:13:42 -04:00
Jérémy Lecour
adc3bd7a93
Fix ssh LogLevel
...
* the directive can be present but commented
* the version comparison was wrong
2017-07-19 13:49:08 +02:00
Jérémy Lecour
d3af1320c9
SSH: log level to verbose for Stretch and later
2017-06-14 15:53:15 +02:00
Jérémy Lecour
5b2ab0d8d3
Ansible >= 2.2 supported
2017-03-24 14:15:09 +01:00
Jérémy Lecour
8920ff1ee4
Add "always_run: yes" where it's pertinent
...
There is also the "check_mode: no", but commented,
for when we switch to Ansible 2.2
2017-01-31 11:45:35 +01:00
Jérémy Lecour
e1654414ea
evolinux-base: flush handlers at end of each include
2017-01-03 17:02:23 +01:00
Jérémy Lecour
130e1f2b0e
evolinux-base: add conditions for most of tasks
2017-01-03 16:38:04 +01:00
Jérémy Lecour
17ed9bc28e
evolinux-base: SSH MatchAddress skips when empty array
2017-01-03 11:44:20 +01:00
Jérémy Lecour
b2971d1f7d
evolinux-base: add ssh.yml
...
* disable root login
* list authorized addresses
* disable AcceptEnv
2016-12-27 14:04:12 +01:00